last executing test programs: 59.333811059s ago: executing program 0 (id=569): r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) ioctl$SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f0000001180)=0x2000000) mmap$dsp(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x3, 0x12, r0, 0x0) ioctl$SNDCTL_DSP_GETOPTR(r0, 0x5008, 0x0) ioctl$SNDCTL_DSP_SYNC(r0, 0x5001, 0x0) ioctl$SNDCTL_DSP_GETOSPACE(r0, 0x8010500c, &(0x7f0000000140)) 59.253168057s ago: executing program 0 (id=570): mkdir(&(0x7f0000000280)='./file0\x00', 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x181) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000021c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=0000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) r2 = open_tree(r0, &(0x7f0000000280)='\x00', 0x89901) move_mount(r2, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) 59.252767607s ago: executing program 0 (id=571): socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$tipc(r1, &(0x7f0000003280)={0x0, 0x0, 0x0}, 0x0) sendmsg$inet(r1, &(0x7f0000000f80)={0x0, 0x0, 0x0}, 0x0) setsockopt$sock_attach_bpf(r0, 0x1, 0x21, &(0x7f0000000040), 0x4) sendmsg$tipc(r1, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x801) sendmsg$tipc(r0, &(0x7f0000000a40)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80}, 0x10) 59.248445635s ago: executing program 0 (id=572): mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x1) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='autofs\x00', 0x0, &(0x7f0000000100)) r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', 0x0, 0x3f46137792f68265) syz_clone(0x180, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$AUTOFS_IOC_ASKUMOUNT(r0, 0xc0049364, &(0x7f00000001c0)) 59.181985144s ago: executing program 0 (id=574): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x6, 0x5, 0x1000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x527d}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000400)='virtio_transport_alloc_pkt\x00', r1}, 0x18) r2 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r2, &(0x7f0000000140)={0x28, 0x0, 0x0, @host}, 0x10) 58.89388629s ago: executing program 0 (id=575): pipe(&(0x7f0000000500)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = fsopen(&(0x7f0000000080)='autofs\x00', 0x0) fsconfig$FSCONFIG_SET_FD(r1, 0x5, &(0x7f00000005c0)='fd', 0x0, r0) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) r2 = fsmount(r1, 0x0, 0x2) fsconfig$FSCONFIG_SET_FD(r1, 0x5, &(0x7f0000000000)='fd', 0x0, r2) 58.862952684s ago: executing program 32 (id=575): pipe(&(0x7f0000000500)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = fsopen(&(0x7f0000000080)='autofs\x00', 0x0) fsconfig$FSCONFIG_SET_FD(r1, 0x5, &(0x7f00000005c0)='fd', 0x0, r0) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) r2 = fsmount(r1, 0x0, 0x2) fsconfig$FSCONFIG_SET_FD(r1, 0x5, &(0x7f0000000000)='fd', 0x0, r2) 34.609817148s ago: executing program 1 (id=1133): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x6, 0x5, 0x1000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000260018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x527d}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000400)='virtio_transport_alloc_pkt\x00', r1}, 0x18) r2 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r2, &(0x7f0000000140)={0x28, 0x0, 0x0, @host}, 0x10) 34.537073743s ago: executing program 1 (id=1134): r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x0, @dev}, 0x2}}, 0x2e) r2 = syz_genetlink_get_family_id$l2tp(&(0x7f00000008c0), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$L2TP_CMD_SESSION_DELETE(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x1c, r2, 0x1, 0x70bd2d, 0x4, {0x5}, [@L2TP_ATTR_CONN_ID={0x8, 0x9, 0x2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x2000c800}, 0x30) 34.534508247s ago: executing program 1 (id=1135): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt(r0, 0x84, 0x81, &(0x7f0000000280)="1a00000002000000", 0x8) setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r0, 0x84, 0x15, &(0x7f0000000040)={0x3}, 0x1) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000380)=[@in6={0xa, 0x4e23, 0x401, @loopback}], 0x1c) setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r0, 0x84, 0x15, &(0x7f0000000000), 0x1) sendto$inet6(r0, &(0x7f0000000080)="b1", 0x1, 0x49094, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0x55cf}, 0x1c) 34.528924854s ago: executing program 1 (id=1136): mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x1) mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0]) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='autofs\x00', 0x0, &(0x7f0000000100)) r0 = openat(0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', 0x0, 0x3f46137792f68265) syz_clone(0x180, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$AUTOFS_IOC_ASKUMOUNT(r0, 0xc0049364, &(0x7f00000001c0)) 34.465357326s ago: executing program 1 (id=1137): socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$tipc(r1, &(0x7f0000003280)={0x0, 0x0, 0x0}, 0x0) sendmsg$inet(r1, &(0x7f0000000f80)={0x0, 0x0, 0x0}, 0x0) setsockopt$sock_attach_bpf(r0, 0x1, 0x21, &(0x7f0000000040), 0x4) sendmsg$tipc(r1, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x801) sendmsg$tipc(r0, &(0x7f0000000a40)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80}, 0x10) 34.040254638s ago: executing program 1 (id=1139): r0 = socket$inet_tcp(0x2, 0x1, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000003c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 33.941862472s ago: executing program 33 (id=1139): r0 = socket$inet_tcp(0x2, 0x1, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='cgroup2\x00', 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000003c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 2.706555942s ago: executing program 2 (id=1569): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, &(0x7f00000012c0)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd1200000000000085000000d0000000b70000000000000095000000000000003fba6a7d36d9b18ed812a2e2c49e8020a6f4e0e4a9446ca2b5f1cc1a100a9af698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f010c5077da80fb982c1e9400c603146cea484a415b76966118b64f751a0f241b072e90080008002d75593a280000c93e64c227c95aa0b784625704f07a72c2918451ebdcf4cef7f9606056fe5c34664c0af9360a1f7a5e6b607130c89f18c0c1089d8b85880000c29c48b45ef4adf634be763288d01aa27ae8b09e13e79ab20b0b8ed8fb7a68af2ad0000000000000006f803c6468082089b302d7bff8f06f7f918d65eae391cb41336023cdcedb5e0125ebbcebddcf10cb2364149215108355ee570f8078be5cab389cd65e7133719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad23000000803a90bce6dc3a13871765df961c2ed3b1006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f40cfd7c3a1d37a6ab87b1586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9f081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d60532be9c4d2ec7c32f2095e63c8cdc28f74d043ed8dba2f23b01a9aeb980aff9fa3a64709270c701db801f44cf945b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142bdda5e6c5d50b83bae616b5054d1e7c13b1355d6f4a8245eaa4997da9c77af4c0eb97fca585ec6bf58351d599e9b61e8caab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a41326eea31ae4e0f75057df3c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57010000009700ce0b4b8bc22941330000000000000000000300000000000000000000000010008bc0d955f2a83366b99711e6e8861c46495ba585a4b2d02edc3e28dd279a896249ed85b9806f0b6c4a000000002b43dcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f00000000df73be83bb7d5ad883ef3b7cda42013d53046da21b40216e14ba2d6af8656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff72943327d830689da6b53ffffffff631c7771429d1200000033ed846197fcff5e1c7c3d1d6e3a52872baef9753fffffffffffffe09fec2271fe010cd7bb2366fde4a59429738fcc917a57f94f6c453cea623cc5ee0c2a5ff870ce5dfd3467decb05cfd9fcd41df54cdbd9d10a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce978275d5bc8955778567bc79e13b78249788f11f708008b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe7d7fa29822aea68a660e717a04becff0f719107000000000000002d7e927123d8ecbbc55bf404571be54c72d978cf2804107f0238abccd32368e57040906df0042e19000000000000002c06f815312e086dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef44cd1fe582786105c7df8be4877084d4173731efe895efc71f665c4d75cf2458e35d2c9062ece84c99e061887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb2b5e518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad055e4af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457ac0eaaa99bf0bdc14ae358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df9b3fdf242b985bf16b99c9cc0ad1857036f1a985f369191ae954febb3df464bfe0f773ee9afe72f32a2befb89d3777399f5874c553a2ebe9061fe86e669642e09bb6d163118e4cbe024fd452277c3887d6116c6cc9d8046c216c1f8a9778cb26e22a2a998de5eaeadea2a40da8daccf080842a486721737390cbf3a74cb2003efb9a101b51ab63e9600040000b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde6e4a4304e50c349f4f9ecee27defd83871c5191e10096e7e60fc3541a2c905a1a95e9571bf38aebd15172f94e3245c582909e2a3bce109b6000000000000000000d6d5210d7560eb92d6a97a27602b81f7636df1535bef1497f90100000000000000abf9010000007740890200d627e87306703be8672dc84eeadba6a41891c170d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288a0268893373750d10a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7ef8c08acaf30235b920500d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69b93e9960ff5f76062adae283d9756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff85000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a31c72ad53bc19faa5401120000793ac48c1b539c75ab40743b00020000a1f68df75cf43f8ecc8d3726602111b40e761fd210a1920382f14d12ca3c3431ee97471c781d0d1280fb00818654a53b6df4b2c97cc1c98d85fda8f80fe908b65550b441233151122b41a8d73062197655b7f0469250a5989cef0e10773920ed3ccee42d2c3eb80159da5c002511e6eb93842054cfce2ac306cb6e472db3fd67a49b6855a694a8d359add43907003223a47a7fae4f3748d5a432825bc40a03aaef1c8488d86dc211dd2a3ba71e0f45492ef1f8b65ccb3dcd251a61b152d02c29ca0a3328fa7753a5cddea1acaae55ae8263fb284b7a6ab2a8826c1b948207c498cf4824ab1ea3225a53072423b907c6682f8999e0311da5b8378bc841e1787e3a8128dda381a26cb2b365702ff8a27831375b2ddaa2f56e21169f7ca4fd9655ccd4a584acd244e965a0afedaff7c415ff682a4044b3381cc2df28278c9a6824c52048a7cfabda294925cc0956bffa8e950ff5e49f41ae600d830207bf728cd9807933c3c16d80bbea611a18becc2dc38ca0a6f5740f340b76edcd1f539bd43007231dcef58c7b88b5aeedaf9626cb51ce1737c10ab37d4f98a934b0f900e0eb639878a1200629f5503cf679154d27681d7a3744cbcd42af59407c9c8e39c5271868917954e604352ba26171d004f1cb2976fab3fa19c7d3ef9678bff79f5155524f061378f94fb453786c3a6f78b10d383b49e31d1568bd43ee34ce6e6be235aa6207285665c2fba773671da41959f51610963b48930658e2d6125a26085001345b0473240b7e5e91811312c43663e76f711d7219ecdec75c7ea1cf0f8f8fff40247d59bbde2ebb8659197e0f37a71be1b12a182ed7de3acba28561a04b807f7a4647e2ea6d8fb92541d07c3d5e4ba077d3cad9f8ba1919592014c00c8eccb2ca5d48ba7b1c3fb185a4bb79700cf51f818b0c701c8de47d12281a67bdaf4b0c50bee9e8f5936250df2e15c1172e7ea6619f7db330700d1e9e42a035e6fd532f61fbfed9c4a7124a1e38eee50a6bbcd1d4e3f68c3f27dd9a70f1a7c6046237ddfb0b26e197322226367d998010458cd4df10af249ce717f6f45e5176e0ddae3054d7289d4e13ab0912703ee39ce264572b89194fdf7acecc35cf8309d4b680a08eed367dad855fce210f1a7c7222dd360eafb4bef7d58bf83362930af6e3f3f851abdc0003bdf9401b533019e90feb069189100007a82df8d9b5f44ebf9355e7b1b01c9470608d4f306d21004730396a4d6c6d46e1ffac97aa93c36123532a36186575266be4981c847160079421d0137801e553069f8d025c40f287378810defc7f2ed4e15f6af17b21153394f8bcfa6a23a77c8d61c9bbc127a57b8d631f36558d9093dee08bc53d97a8003363421738650a26c8fd87b13026799caf58e59951b125e7f161ca34e2c0dd65a23d01a3cb191e743de07247c7f993cf01166fa2ac1ba02f60550e63a7f50422e478c6b5d87f9bd0567a279a9d85a380db25c43bd0529ad783b9d64aaac1b793afb44b7126e17d2b7c0d6be650de7eeef3f3605af344015d03c3e7819145cb9fe1978c98bf9cf10773db59505ae33708c728844c872dfd2cb0b29754f928c59306ce105ca18cb72f0944d0e4fea0a0abd0285bdaf1b000000c089d640c2facb0d1e6243873ac4b1e1068c45c715b68effb7d58d1f9e726dbf6bd910ca4ce0e075658ede42192cf393a50dcc197b03402fed75083628e5dd38213d353b9049e71f037064b05e73ec00c710f1ffc5737d397d555d1cf8859cc05fea8dc3c6a5b3b6fa1c81707479db1833d593a271253aa11efdb36b74784f2fc286814848e92d8ee541bc179813297a0a4cc3c8f80c28701185bea091f32475e859479b734727afc110e1abcff460172fd1b42e3c0e2a4bf94a060069000010000087c7572a1e7596f89e5c3d5e70640c90815f77b7b13d0000000085a1e1e84900000000000000000000000000b422fc160a458ee5a91a2471e6e56fdabec6c73ce8983fc68f0b7cdcdde632e6f54a07620e8aa116ce9e84fc3cd5e8288a333dcebb233da9186796995ba69487d8f77d2f8800f02d690fc70a08b231cad1bdcf3740a95d4dd1cfe0f417f275493cf33b19ffff93dfdaf7eb00b8ad87cdf7c21bab5af8e2bac54ee5597e6508c1158124a538c36f9bb11fea7d8b8c7e954b1bc7811654a6636b33f271d0923e9ecd1b724b8feffadfc23c07000000f0785fb722f346d6a5dffe1884d4d0cd8f00000092c85ed44db68ab800000000000000406e6ed9b219ad07125381087298e75965d1cc5932ddf9e66351ba332a34bee3e3d562c914c629933f0b8724cf680889ade72558d191d9890c69a718f9018586c5131c8dc8e0379bafda1a0fd2997ff115215ce23dca8db7236c1554cdaaadcce2f31834c1bd1908d8e1b361034db56be76acb7654a195bc3e98df3a5dffd5b0783883ef7da3433110e37f7c7cb7f3800de7f99abf910d6949e062747a9c87dcfcc716d6a9c0ec53b9cffe3cfd1df69a76f373d7f997edb9b80bdea1a99c2a6fbb25e035deadaadd7917ebfedd6304a19491769476208684e343f86b4d55a7dbbb07283cb1e35a139d24ebc5b4f8e35a82d3a7f84cb1e02a5a92b53567088be0b1ca023ccd518c0e0715b1c8760801a419ebd2e26440ff7493019bdb655cc88d72d6d7b6bca5a2e19b63ec52fcc49a729f11ab377f7132c543d29646a9378eea0761b7ed9d2172e33ed87c6513c843b180cc00000000006bedf2ed716ca43a941119b96d82b26d9061de240d85ec2cfa462bd52104489bb7a7548d7cc53627031e909c69cb824233975a1ea645de63522407c3a240a37e946f30ebf075ea97846a0a8d2286f3f446b1b99ab83a12ddf8a1c06294eadc3eb3e339591afd5c00000000000000000000000000000000000000000000000000579dad8347a3d16976bb7483840b32db0158fb6c809349333325a7866ca5d3133e33ef1a183cefdb65a79fa71800988c8445029e024822dbcfcab49c3a0aec9bd43e6e14078b260700d849a2aa14c9b593f6dcb1de334c065ecfd65031606e55949c185bcda9fde4f9b46a76b8a24bbcd31b22373eb0473248150cd179405ee1af1183b0c0ce3483dc1d9bf732b0751b78fb211d6706b55960c6431afbc02b3c7e08086573939290bb9e590a3875f02a828bf209d0"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, &(0x7f00000026c0)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd1200000000000085000000d0000000b70000000000000095000000000000003fba6a7d36d9b18ed812a2e2c49e8020a6f4e0e4a9446ca2b5f1cc1a100a9af698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f010c5077da80fb982c1e9400c603146cea484a415b76966118b64f751a0f241b072e90080008002d75593a280000c93e64c227c95aa0b784625704f07a72c2918451ebdcf4cef7f9606056fe5c34665c0af9360a1f7a5e6b607130c89f18c0c1089d8b85880000c29c48b45ef4adf634be763288d01aa27ae8b09e13e79ab20b0b8ed8fb7a68af2ad0000000000000006f803c6468082089b302d7bff8f06f7f918d65eae391cb41336023cdcedb5e0125ebbccbddcf10cb2364149215108355ee570f8078be5cab389cd65e7133719acd97cfa107d40224edc5465a932b77e74e712a0d42bc6099ad23000000803a90bce6dc3a13871765df961c2ed3b1006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f40cab87b1586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9f081d6a08000000ea2b1a52496dfcaf99431412fd13f4cec49669e443dcb924cfe5f3185418d60532be9c4d2ec7c32f2095e63c8cdc28f74d043ef8dba2f23b01a9ae44cf945b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142bdda5e6c5d50b83bae616b5054d1e7c13b1355d6f4a8245eaa4997da9c77af40000000000000005f58351d599e9b61e8caab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a41326eea31ae4e0f75057df3c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57010000009700ce0b4b8bc22941330000000000000000000300000000000000000000000010008bc0d955f2a83366b99711e6e8861c46495ba585a4b2d02edc3e28dd279a896249ed85b9806f0b6c4a000000002b43dcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f00000000df73be83bb7d5ad883ef07000000000000006da21b40216e14ba2d6af8656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff72943327d830689da6b53ffffffff631c7771429d1200000033ed846197fcff5e1c7c3d1d6e3a52872baef9753fffffffffffffe09fec2271fe010cd7bb2366fde4a59429738fcc917a57f94f6c453cea623cc5ee0c2a5ff870ce5dfd3467decb05cfd9fcd41df54cdbd9d10a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce978275d5bc8955778567bc79e13b78249788f11f708008b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe7d7fa29822aea68a660e717a04becff0f719107000000000000002d7e927123d8ecbbc55bf404571be54c72d978cf2804107f0238abccd32368e57040906df0042e19000000000000002c06f815312e086dd022c074eb8a322fb0bf47c0a8d154b405a07feaf3dd95f6ef44cd1fe582786105c7df8be4877084d4173731efe895efc71f665c4d75cf2458e35d2c9062ece84c99e061887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb2b5e518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad055e4af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457ac0eaaa99bf0bdc14ae358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df9b3fdf242b985bf16b99c9cc0ad1857036f1a985f369191ae954febb3df464bfe0f773ee9afe72f32a2befb89d3777399f5874c553a2ebe9061fe86e669642e09c0e5a3bb6d163118e4cbe024fd452277c3887d6116c6cc9d8046c216c1f8a9778cb26e22a2a998de5eaeadea10d3cfb41b92ecbb422a40da8daccf080842a486721737390cbf3a74cb2003efb9a101b51ab63e9600040000b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde6e4a4304e50c349f4f9ecee27defd83871c5191e10096e7e60fc3541a2c905a1a95e9571bf38aebd15172f94e3245c582909e2a3bce109b6000000000000000000d6d5210d7560eb92d6a97a27602b81f7636df1535bef1497f90100000000000000abf9010000007740890200d627e87306703be8672dc84eeadba6a41891c170d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288a0268893373750d10a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7ef8c08acaf30235b920500d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69b93e9960ff5f74562adae283d9756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff85000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a31c72ad53bc19faa5401120000793ac48c1b539c75ab40743b00020000a1f68df75cf43f8ecc8d3726602111b40e761fd210a1920382f14d12ca3c3431ee97471c781d0d1280fb00818654a53b6df4b2c97cc1c98d85fda8f80fe908b65550b4412331d73062197655b7f0469250a5989cef0e10773920ed3ccee42d2c3eb80159da5c002511e6eb93842054cfce2ac306cb6e472db3fd67a49b6855a694a8d359add43907003223a47a7fae4f3748d5a432825bc40a03aaef1c8488d86dc211dd2a3ba71e0f45492ef1f8b65ccb3dcd251a61b152d02c29ca0a3328fa7753a5cddea1acaae55ae8263fb284b7a6ab2a8826c1b948207c498cf4824ab1ea3225a53072423b907c6682f8999e0311da5b8378bc841e1787e3a8128dda381a26cb2b365702ff8a27831375b2ddaa2f56e21169f7ca4fd9655ccd4a584acd244e965a0afedaff7c415ff682a4044b3381cc2df28278c9a6824c52048a7cfabda294925cc0956bffa8e950ff5e49f41ae600d830207bf728cd9807933c3c16d80bbea611a18becc2dc38ca0a6f5740f340b76edcd100fcffff007231dcef58c7b88b5aeedaf9626cb51ce1737c10ab37d4f98a934b0f900e0eb639878a1200629f5503cf679154d27681d7a3744cbcd42af59407c9c8e39c5271868917954e604352ba26171d004f1cb2976fab3fa19c7d3ef9678bff79f5155524f061378f94fb453786c3a6f78b10d383b49e31d1568bd43ee34ce6e6be235aa6207285665c2fba773671da41959f51610963b48930658e2d6125a26085001345b0473240b7e5e91811312c43663e76f711c6529ecdec75c7ea1cf0f8f8fff40247d59bbde2ebb8659197e0f37a71be1b12a182ed7de3acba28561a04b807f7a4647e2ea6d8fb92541d07c3d5e4ba077d3cad9f8ba1919592014c00c8eccb2ca5d48ba7b1c3fb185a4bb79700cf51f818b0c701c8de47d12281a67bdaf4b0c50bee9e8f5936250df2e15c1172e7ea6619f7db330700d1e9e42a035e6fd532f61fbfed9c4a7124a1e38eee50a6bbcd1d4e3f68c3f27dd9a70f1a7c6046237ddfb0b26e197322226367d998010458cd4df10af249ce717f6f45e5176e0ddae3054d7289d4e13ab0912703ee39ce264572b89194fdf7acecc35cf8309d4b680a08eed367dad855fce210f1a7c7222dd360eafb4bef7d58bf83362930af6e3f3f851abdc0003bdf9401b533019e90feb069189100007a82df8d9b5f44ebf9355e7b1b01c9470608d4f306d21004730396a4d6c6d46e1ffac97aa93c36123532a36186575266be4981c847160079421d0137801e553069f8d025c40f287378810defc7f2ed4e15f6af17b21153394f8bcfa6a23a77c8d61c9bbc127a57b8d631f36558d9093dee08bc53d97a8003363421738650a22c8fd87b13026799caf58e59951b125e7f161ca34e2c0dd65a23d01a3cb191e743de07247c7f993cf01166fa2ac1ba02f60550e63a7f50422e478c6b5d87f9bd0567a279a9d85a380db25c43bd0529ad783b9d64aaac1b793afb44b7126e17d2b7c0d6be650de7eeef3f3605af344015d03c3e7819145cb9fe1978c98bf9cf10773db59505ae33708c728844c872dfd2cb0b29008000000000000005ca18cb72f0944d0e4fea0a0abd0285bdaf1b000000c089d640c2facb0d1e6243873ac4b1e1068c45c715b68effb7d58d1f9e726dbf6bd910ca4ce0e075658ede42192cf393a50dcc197b03402fed75083628e5dd38213d353b9049e71f037064b05e73ec00c710f1ffc5737d397d555d1cf8859cc030ea8dc3c6a5b3b6fa1c81707479db1833d593a271253aa11efd936b74784f2fc286814848e92d8ee541bc179813297a0a4cc3c8f80c28701185bea091f32475e859479b734727afc110e1abcff460172fd1b42e3c0e2a4bf94a060069000010000087c7572a1e7596f89e5c3d5e70640c90815f77b7b13d0000000085a1e1e84900000000000000000000000000b422fc160a458ee5a91a2471e6e56fdabec6c73ce8983fc68f0b7cdcdde632e6f54a07620e8aa116ce9e84fc3cd5e8288a333dcebb233da9186796995ba69487d8f77d2f8800f02d690fc70a08b231cad1bdcf3740a95d4dd1cfe0f417f275493cf33b19ffff93dfdaf7eb00b8ad87cdf7c21bab5af8e2bac54ee5597e6508c1158124a538c36f9bb11fea7d8b8c7e954b1bc7811654a6636b33f271d0923e9ecd1b724b8feffadfc23c07000000f0785fb722f346d6a5dffe1884d4d0cd8f00000092c85ed44db68ab800001f00000000406e6ed9b219ad07125381087298e75965d1cc5932ddf9e66351b9332a34bee3e3d562c914c629933f0b8724cf680889ade72558d191d9890c69a718f9018586c5131c8dc8e0379bafda1a0fd2997ff115215ce23dca8db7236c1554cdaaadcce2f31834c1bd1908d8e1b361034db56be76acb7654a195bc3e98df3a5dffd5b0783883ef7da3433110e37f7c7cb7f3800de7f99abf910d6949e062747a9c87dcfcc716d6a9c0ec53b9cffe3cfd1df69a76f373d7f997edb9b80bdea1a99c2a6fbb25e035deadaadd7917ebfedd6304a19491769476208684e343f86b4d55a7dbbb07283cb1e35a138d24ebc5b4f8e35a82d3a7f84cb1e02a5a92b53567088be0b1ca023ccd518c0e0715b1c8760801a419ebd2e26440ff7493019bdb655cc88d72d6d7b6bca5a2e19b63ec52fce43d8c53a8031e64026e0d36b6401064c49a729f11ab377f7132c5232bb80195dd5d43d29646a9378eea0761b7ed9d2172e33ed87c7413c843b180cc00000000006bedf2ed716ca43a941119b96d82b26d9061de240d85ec2cfa462bd52104489bb7a7548d7cc53627031e909c69cb824233975a1ea645de63522407c3a240a37e946f30ebf075ea97846a0a8d2286f3f446b1b99ab83a12ddf8a1c06294eadc3eb3e339591afd5c00000000000000000000000000000000000000000000000000579dad8347a3d16976bb7483840b32db0158fb6c809349333325a7866ca5d3133e33ef1a183cefdb65a79fa71800988c8445029e024822dbcfcab49c3a0aec9bd43e6e14078b260700d849a2aa14c9b593f6dcb1de334c065ecfd65031606e55949c185bcda9fde4f9b46a76b8a24bbcd31b22373eb0473248150cd179405ee1af1183b0c0ce3483dc1d9bf732b0751b78fb211d6706b55960c6431afbc02b3c7e08086573939290bb9e590a3875f02a828b07f1dc7df9c8e5da22dfb9dacbf5529e4e994128d835f85465173ea7bbcc519a0c9798ce8b1b07567e3e07169c8c3e4da8bf725c050000000000000000000000000000000000000000004775abdf0c62728eb55a9e2849a1ce05bed60dfe4cc9fa43f9684297c02382c0a35829be7a86305792a9d2e80ca9e8fc50f31f6e0fa810303da03d8b74b42c1ebaf16bb343256405a3a07229a54de09a97b269cd29e8b2f0b0d46c51a6a93eec37f4bc6e29a8e19120ae050ab682662e9b2cc3263a4aba62b63ca9123a53c0f4bf3c4463b8144c89bf058a0af0ae9fc2b7cdfc4817703e267cddc193637d7fd97646090da37093657643daae3840c7f5c10f93524f7ae4791ec6e9d9722e5f670ccb358e051a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x5a}, 0x48) bpf$BPF_PROG_DETACH(0x1c, &(0x7f0000000580)={@fallback=r1, r1, 0x2f}, 0x20) bpf$LINK_GET_NEXT_ID(0x1f, &(0x7f0000000180)={0x0, 0x0}, 0x0) r3 = bpf$LINK_GET_FD_BY_ID(0x1e, &(0x7f00000001c0)=r2, 0x4) bpf$BPF_LINK_UPDATE(0x1d, &(0x7f0000000200)={r3, r0, 0x0, r0}, 0xb) 1.837475502s ago: executing program 2 (id=1574): r0 = creat(&(0x7f00000002c0)='./file0\x00', 0x0) r1 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) write$qrtrtun(r0, &(0x7f0000000300)="e7cc", 0x2) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r2, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f00000001c0)=[0x1], 0x0, 0x0, 0x1, 0x1}}, 0x40) 1.761640053s ago: executing program 2 (id=1577): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x34, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}]}, 0x34}}, 0x0) syz_80211_join_ibss(&(0x7f0000000000)='wlan1\x00', &(0x7f0000000040)=@random="2d8d4c", 0x3, 0x1) 1.318700598s ago: executing program 2 (id=1579): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r1, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000004c0)=@newlink={0x44, 0x10, 0xffffff1f, 0x0, 0x1, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @geneve={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GENEVE_TTL_INHERIT={0x5, 0xc, 0x1}]}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x44}, 0x1, 0x0, 0x0, 0x40000}, 0x0) 1.262675821s ago: executing program 5 (id=1580): r0 = userfaultfd(0x801) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000140)={0xaa, 0x298}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2}) ioctl$UFFDIO_COPY(r0, 0xc028aa03, &(0x7f0000000040)={&(0x7f0000161000/0xf000)=nil, &(0x7f00001df000/0x3000)=nil, 0xf000, 0x2, 0x2}) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00304, 0x15) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x1, 0x0, 0x0, 0x3) 1.237764845s ago: executing program 2 (id=1581): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) r2 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f00000000c0)={0x90000005}) epoll_pwait(r2, &(0x7f0000000100)=[{}], 0x1, 0xfffeffff, 0x0, 0x443c000000000000) connect$unix(r0, &(0x7f0000000140)=@abs={0x0, 0x0, 0x4e20}, 0x6e) 1.237418362s ago: executing program 5 (id=1582): timer_create(0x0, &(0x7f0000000200)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) r1 = openat$sndtimer(0xffffffffffffff9c, &(0x7f00000000c0), 0x0) read(r1, &(0x7f00000003c0)=""/4096, 0x1000) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x8001, 0x5}) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) timer_settime(r0, 0x1, &(0x7f0000000040), 0x0) 1.150258627s ago: executing program 3 (id=1585): r0 = socket$nl_generic(0x11, 0x3, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x10) syz_emit_ethernet(0x2a, &(0x7f0000000000)={@link_local, @empty, @void, {@ipv4={0x800, @igmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x2f}, @broadcast}, {0x14, 0x7c, 0x0, @loopback}}}}}, 0x0) sendmsg(r0, &(0x7f0000000640)={&(0x7f00000000c0)=@caif=@dgm={0x25, 0xd}, 0x80, &(0x7f00000005c0)=[{&(0x7f0000000000)="4ba72c4cfd81685544f46c3f0800", 0x36}], 0x2, 0x0, 0x0, 0x11000000}, 0x0) 1.023834204s ago: executing program 3 (id=1597): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x9e46, &(0x7f0000006680)) madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15) mlock2(&(0x7f0000ff5000/0x9000)=nil, 0x9000, 0x0) mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil) set_tid_address(0x0) 334.999913ms ago: executing program 5 (id=1590): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(des3_ede-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r1 = accept4(r0, 0x0, 0x0, 0x800) sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb09587", 0x4b}, {&(0x7f00000003c0)="e8700e444d", 0x5}], 0x2}], 0x1, 0x40800) recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x51}], 0x1}, 0x0) 328.378028ms ago: executing program 4 (id=1600): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000990000000d"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000500000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) r2 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'ip6tnl0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0xf0b, 0x0, 0x25dfdc01, {0x0, 0x0, 0x0, r3, {0x0, 0xc}, {0xffff, 0xffff}, {0xd, 0xf}}, [@qdisc_kind_options=@q_hhf={{0x8}, {0xc, 0x2, [@TCA_HHF_QUANTUM={0x8, 0x2, 0xfffffffe}]}}]}, 0x38}, 0x1, 0x0, 0x0, 0x44004}, 0x0) 323.917994ms ago: executing program 2 (id=1601): r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f0000000480)) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040301, 0x0) r2 = syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0xa2c65) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000500)={0x0, 0xfffffffffffffd83, 0xfa00, {0x0, 0x0}}, 0xfdbc) ioctl$SNDRV_PCM_IOCTL_SW_PARAMS(r2, 0xc0684113, &(0x7f0000000300)={0x1, 0xfffff800, 0x1, 0x4000a, 0x8, 0x3, 0x7, 0x11, 0x6, 0x40, 0x6bbc, 0x2}) 284.065868ms ago: executing program 5 (id=1592): r0 = mmap$KVM_VCPU(&(0x7f0000d10000/0xa000)=nil, 0x930, 0x3000006, 0x28031, 0xffffffffffffffff, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r0, 0x20, &(0x7f0000000240)="fb4149dd033be3ac2cc4a22332fdaa8de0418df24200000000a6ab8031d1dfd92f0000000001ffffffff9610fbff77521ce10d8f6b69d22627e700", 0x0, 0xffffffffffffffca) r1 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_GSI_ROUTING(r2, 0x4020ae46, &(0x7f0000000180)=ANY=[@ANYBLOB="010000000100000000000001000000000010"]) ioctl$KVM_GET_DIRTY_LOG(r2, 0x4010ae42, &(0x7f0000000200)={0x1, 0x0, &(0x7f0000005000/0x2000)=nil}) 283.277653ms ago: executing program 4 (id=1593): bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1a00000007"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xd, 0x4, &(0x7f0000000300)=ANY=[@ANYBLOB="b4000000000079"], 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sock_ops}, 0x90) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x100, 0x100, 0x9, 0x1, 0x1}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000000), &(0x7f00000002c0), 0x8, r0}, 0x38) bpf$MAP_LOOKUP_BATCH(0x1b, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000100), 0x0, 0x3, r0}, 0x38) 281.724916ms ago: executing program 4 (id=1594): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x30, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0xfffffef8}}]}, 0x30}, 0x1, 0x0, 0x0, 0x40010}, 0x0) 273.227977ms ago: executing program 3 (id=1603): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_CAP_HYPERV_SYNIC2(r2, 0x4068aea3, &(0x7f0000000140)) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000440)=ANY=[@ANYBLOB="0100000000000000b2000040ed85643dad"]) 125.758829ms ago: executing program 5 (id=1595): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r1, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000004c0)=@newlink={0x44, 0x10, 0xffffff1f, 0x0, 0x1, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @geneve={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GENEVE_TTL_INHERIT={0x5, 0xc, 0x1}]}}}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x44}, 0x1, 0x0, 0x0, 0x40000}, 0x0) 122.568453ms ago: executing program 4 (id=1607): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000340)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-cast6-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18, 0x48814}, 0x14000012) recvmmsg$unix(r1, &(0x7f00000029c0)=[{{0x0, 0x0, &(0x7f0000000b00)=[{&(0x7f0000000680)=""/139, 0x8b}], 0x1}}], 0x1, 0x10000, 0x0) 121.457407ms ago: executing program 3 (id=1608): r0 = fsopen(&(0x7f0000000180)='proc\x00', 0x1) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0xa) fchdir(r1) r2 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) unlinkat(r2, &(0x7f0000000280)='./bus\x00', 0x200) 12.799225ms ago: executing program 5 (id=1596): ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f0000000040)={{0x1, 0x1, 0x18}, './file0\x00'}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_SET_CPUID2(r2, 0x4008ae90, &(0x7f0000000040)=ANY=[@ANYBLOB="010000000000000001"]) ioctl$KVM_GET_MSRS_cpu(r2, 0xc008ae88, &(0x7f0000000200)={0x1, 0x0, [{0x48c, 0x0, 0x100000001}]}) 12.663254ms ago: executing program 3 (id=1598): ioctl$VHOST_GET_VRING_BASE(0xffffffffffffffff, 0xc008af12, &(0x7f0000000740)) syz_open_dev$sndctrl(&(0x7f0000000680), 0x1, 0x2000) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x4, 0xcc, 0xc}, 0x50) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x15, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000080850000008200000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x18, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_GET_PROG_INFO(0xa, &(0x7f00000021c0)={r2, 0x0, 0x0}, 0x10) 12.614671ms ago: executing program 4 (id=1599): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.io_service_time_recursive\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x12, r0, 0x0) ftruncate(r0, 0xc17a) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x2, &(0x7f0000000000)=0x9, 0x8, 0x0) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x15) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) 12.378464ms ago: executing program 3 (id=1602): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0x4, &(0x7f0000000140)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x11}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='signal_generate\x00', r0}, 0x18) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x80140, 0x0) fcntl$setlease(r1, 0x400, 0x1) open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) close_range(r1, 0xffffffffffffffff, 0x0) 0s ago: executing program 4 (id=1604): syz_usb_connect(0x4, 0x0, 0x0, &(0x7f0000000980)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x4, &(0x7f0000000240)=@lang_id={0x4, 0x3, 0xf0ff}}]}) r0 = syz_open_dev$evdev(&(0x7f0000001540), 0x0, 0x0) ioctl$EVIOCGLED(r0, 0x5452, &(0x7f0000000240)=""/77) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000180)={0x57, 0x0, 0x0, {0xfffe, 0x1}, {0x74, 0x2}, @const={0x6, {0x7f, 0x0, 0x8000, 0xfffd}}}) r1 = syz_open_dev$evdev(&(0x7f00000000c0), 0x78, 0x822b01) write$char_usb(r1, &(0x7f0000000040)="e2", 0x1068) kernel console output (not intermixed with test programs): cc 0x0c38 length: 249 > 2 [ 45.956604][ T5339] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 45.957847][ T5985] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 45.958218][ T5985] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 45.959041][ T5984] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 45.959232][ T5985] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 45.961672][ T5339] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 45.963412][ T5984] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 45.965352][ T5339] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 45.967673][ T5986] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 45.969614][ T5984] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 45.976512][ T5339] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 45.978691][ T5984] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 45.984791][ T5339] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 46.186001][ T5975] chnl_net:caif_netlink_parms(): no params data found [ 46.216999][ T5977] chnl_net:caif_netlink_parms(): no params data found [ 46.333769][ T5980] chnl_net:caif_netlink_parms(): no params data found [ 46.397100][ T5975] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.399370][ T5975] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.401940][ T5975] bridge_slave_0: entered allmulticast mode [ 46.404916][ T5975] bridge_slave_0: entered promiscuous mode [ 46.439134][ T5977] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.441387][ T5977] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.444908][ T5977] bridge_slave_0: entered allmulticast mode [ 46.447558][ T5977] bridge_slave_0: entered promiscuous mode [ 46.457942][ T5975] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.460208][ T5975] bridge0: port 2(bridge_slave_1) entered disabled state [ 46.462418][ T5975] bridge_slave_1: entered allmulticast mode [ 46.465092][ T5975] bridge_slave_1: entered promiscuous mode [ 46.467928][ T5987] chnl_net:caif_netlink_parms(): no params data found [ 46.472312][ T5977] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.475465][ T5977] bridge0: port 2(bridge_slave_1) entered disabled state [ 46.477694][ T5977] bridge_slave_1: entered allmulticast mode [ 46.480330][ T5977] bridge_slave_1: entered promiscuous mode [ 46.573579][ T5975] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 46.585335][ T5975] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 46.590457][ T5977] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 46.593425][ T5980] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.595750][ T5980] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.598038][ T5980] bridge_slave_0: entered allmulticast mode [ 46.600632][ T5980] bridge_slave_0: entered promiscuous mode [ 46.635657][ T5977] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 46.653205][ T5980] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.655654][ T5980] bridge0: port 2(bridge_slave_1) entered disabled state [ 46.657925][ T5980] bridge_slave_1: entered allmulticast mode [ 46.660529][ T5980] bridge_slave_1: entered promiscuous mode [ 46.681604][ T5975] team0: Port device team_slave_0 added [ 46.699705][ T5977] team0: Port device team_slave_0 added [ 46.702947][ T5977] team0: Port device team_slave_1 added [ 46.733863][ T5975] team0: Port device team_slave_1 added [ 46.771656][ T5980] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 46.848920][ T5980] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 46.851839][ T5987] bridge0: port 1(bridge_slave_0) entered blocking state [ 46.854275][ T5987] bridge0: port 1(bridge_slave_0) entered disabled state [ 46.856804][ T5987] bridge_slave_0: entered allmulticast mode [ 46.859574][ T5987] bridge_slave_0: entered promiscuous mode [ 46.862863][ T5975] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 46.866716][ T5975] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 46.874732][ T5975] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 46.878979][ T5977] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 46.881112][ T5977] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 46.889714][ T5977] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 46.920465][ T5987] bridge0: port 2(bridge_slave_1) entered blocking state [ 46.922725][ T5987] bridge0: port 2(bridge_slave_1) entered disabled state [ 46.926278][ T5987] bridge_slave_1: entered allmulticast mode [ 46.929140][ T5987] bridge_slave_1: entered promiscuous mode [ 46.931980][ T5975] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 46.935272][ T5975] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 46.943237][ T5975] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 46.947484][ T5977] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 46.950210][ T5977] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 46.960379][ T5977] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 46.968555][ T5980] team0: Port device team_slave_0 added [ 47.004359][ T5987] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 47.008884][ T5987] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 47.012940][ T5980] team0: Port device team_slave_1 added [ 47.041798][ T5980] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 47.044680][ T5980] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 47.053459][ T5980] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 47.097567][ T5980] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 47.099778][ T5980] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 47.108456][ T5980] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 47.125738][ T5987] team0: Port device team_slave_0 added [ 47.162420][ T5975] hsr_slave_0: entered promiscuous mode [ 47.164851][ T5975] hsr_slave_1: entered promiscuous mode [ 47.168153][ T5987] team0: Port device team_slave_1 added [ 47.184450][ T5977] hsr_slave_0: entered promiscuous mode [ 47.186714][ T5977] hsr_slave_1: entered promiscuous mode [ 47.188763][ T5977] debugfs: 'hsr0' already exists in 'hsr' [ 47.190586][ T5977] Cannot create hsr debugfs directory [ 47.299773][ T5987] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 47.302052][ T5987] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 47.310778][ T5987] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 47.338276][ T5980] hsr_slave_0: entered promiscuous mode [ 47.340674][ T5980] hsr_slave_1: entered promiscuous mode [ 47.342999][ T5980] debugfs: 'hsr0' already exists in 'hsr' [ 47.345024][ T5980] Cannot create hsr debugfs directory [ 47.347325][ T5987] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 47.349532][ T5987] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 47.357676][ T5987] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 47.501682][ T5987] hsr_slave_0: entered promiscuous mode [ 47.503983][ T5987] hsr_slave_1: entered promiscuous mode [ 47.506380][ T5987] debugfs: 'hsr0' already exists in 'hsr' [ 47.508216][ T5987] Cannot create hsr debugfs directory [ 47.667546][ T5977] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 47.673681][ T5977] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 47.682775][ T5977] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 47.690673][ T5977] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 47.709826][ T5975] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 47.714622][ T5975] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 47.718608][ T5975] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 47.723229][ T5975] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 47.757206][ T5980] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 47.764852][ T5980] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 47.772602][ T5980] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 47.777462][ T5980] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 47.821143][ T5987] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 47.825754][ T5987] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 47.834805][ T5987] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 47.840004][ T5987] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 47.882615][ T5977] 8021q: adding VLAN 0 to HW filter on device bond0 [ 47.889561][ T5975] 8021q: adding VLAN 0 to HW filter on device bond0 [ 47.909910][ T5977] 8021q: adding VLAN 0 to HW filter on device team0 [ 47.917535][ T1139] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.919944][ T1139] bridge0: port 1(bridge_slave_0) entered forwarding state [ 47.936470][ T5975] 8021q: adding VLAN 0 to HW filter on device team0 [ 47.944585][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 47.946892][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 47.953892][ T97] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.956231][ T97] bridge0: port 2(bridge_slave_1) entered forwarding state [ 47.961123][ T97] bridge0: port 2(bridge_slave_1) entered blocking state [ 47.963371][ T97] bridge0: port 2(bridge_slave_1) entered forwarding state [ 47.996172][ T5980] 8021q: adding VLAN 0 to HW filter on device bond0 [ 48.004693][ T5982] Bluetooth: hci3: command tx timeout [ 48.004700][ T5339] Bluetooth: hci1: command tx timeout [ 48.004961][ T5339] Bluetooth: hci0: command tx timeout [ 48.007246][ T5982] Bluetooth: hci2: command tx timeout [ 48.022526][ T5980] 8021q: adding VLAN 0 to HW filter on device team0 [ 48.029850][ T5987] 8021q: adding VLAN 0 to HW filter on device bond0 [ 48.045011][ T60] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.047335][ T60] bridge0: port 1(bridge_slave_0) entered forwarding state [ 48.051557][ T60] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.053855][ T60] bridge0: port 2(bridge_slave_1) entered forwarding state [ 48.069792][ T5987] 8021q: adding VLAN 0 to HW filter on device team0 [ 48.081119][ T1139] bridge0: port 1(bridge_slave_0) entered blocking state [ 48.083384][ T1139] bridge0: port 1(bridge_slave_0) entered forwarding state [ 48.102305][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 48.104768][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 48.142984][ T5977] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 48.184706][ T5975] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 48.191139][ T5977] veth0_vlan: entered promiscuous mode [ 48.212195][ T5975] veth0_vlan: entered promiscuous mode [ 48.215848][ T5977] veth1_vlan: entered promiscuous mode [ 48.223818][ T5975] veth1_vlan: entered promiscuous mode [ 48.241467][ T5980] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 48.260675][ T5975] veth0_macvtap: entered promiscuous mode [ 48.269444][ T5977] veth0_macvtap: entered promiscuous mode [ 48.272340][ T5975] veth1_macvtap: entered promiscuous mode [ 48.276258][ T5987] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 48.285986][ T5977] veth1_macvtap: entered promiscuous mode [ 48.293768][ T5980] veth0_vlan: entered promiscuous mode [ 48.300466][ T5975] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 48.307796][ T5975] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 48.315381][ T5980] veth1_vlan: entered promiscuous mode [ 48.322435][ T13] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.335993][ T5977] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 48.338822][ T13] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.341547][ T13] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.352267][ T13] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.357380][ T5977] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 48.367049][ T5980] veth0_macvtap: entered promiscuous mode [ 48.371890][ T5980] veth1_macvtap: entered promiscuous mode [ 48.379473][ T13] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.382256][ T13] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.390131][ T13] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.393718][ T13] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.401814][ T5987] veth0_vlan: entered promiscuous mode [ 48.411745][ T5980] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 48.418800][ T5980] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 48.432369][ T5987] veth1_vlan: entered promiscuous mode [ 48.438197][ T13] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.446200][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 48.448842][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 48.454724][ T13] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.457544][ T13] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.472142][ T13] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.483037][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 48.486089][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 48.508395][ T5987] veth0_macvtap: entered promiscuous mode [ 48.512190][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 48.515244][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 48.520741][ T5987] veth1_macvtap: entered promiscuous mode [ 48.531787][ T5975] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 48.543220][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 48.546161][ T5987] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 48.547100][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 48.551090][ T5987] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 48.567273][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 48.569940][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 48.581166][ T1177] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.583956][ T1177] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.595656][ T1177] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.603458][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 48.606320][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 48.608959][ T1177] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 48.611662][ T6060] "syz.1.2" (6060) uses obsolete ecb(arc4) skcipher [ 48.643683][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 48.647846][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 48.675162][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 48.679697][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 48.819431][ T6087] netlink: 28 bytes leftover after parsing attributes in process `syz.1.11'. [ 48.822235][ T6087] netem: change failed [ 48.991952][ T6107] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 49.033728][ T6107] wireguard0: entered promiscuous mode [ 49.036183][ T6107] wireguard0: entered allmulticast mode [ 49.139342][ T6123] loop5: detected capacity change from 0 to 11455 [ 49.155797][ T6123] loop5: detected capacity change from 11455 to 15439 [ 49.219419][ T5976] Buffer I/O error on dev loop5, logical block 1929, async page read [ 49.314192][ T6026] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 49.464278][ T1472] psmouse serio2: Failed to reset mouse on : -5 [ 49.474390][ T6026] usb 5-1: Using ep0 maxpacket: 32 [ 49.478235][ T6026] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 49.482653][ T6026] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 49.485919][ T6026] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 49.489918][ T6026] usb 5-1: New USB device found, idVendor=0458, idProduct=5011, bcdDevice= 0.00 [ 49.492821][ T6026] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 49.503024][ T6026] usb 5-1: config 0 descriptor?? [ 49.644298][ T1327] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 49.646296][ T6151] syzkaller1: entered promiscuous mode [ 49.649218][ T6151] syzkaller1: entered allmulticast mode [ 49.805665][ T1327] usb 7-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 49.809101][ T1327] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 49.812537][ T1327] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 49.815787][ T1327] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 49.820611][ T1327] usb 7-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 49.823414][ T1327] usb 7-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 49.825978][ T1327] usb 7-1: Manufacturer: syz [ 49.829080][ T1327] usb 7-1: config 0 descriptor?? [ 49.923149][ T6026] input: HID 0458:5011 as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/0003:0458:5011.0002/input/input6 [ 50.057797][ T6026] input: HID 0458:5011 as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.0/0003:0458:5011.0002/input/input7 [ 50.084324][ T5982] Bluetooth: hci0: command tx timeout [ 50.084624][ T5339] Bluetooth: hci2: command tx timeout [ 50.094205][ T5339] Bluetooth: hci3: command tx timeout [ 50.094871][ T5982] Bluetooth: hci1: command tx timeout [ 50.106298][ T6026] kye 0003:0458:5011.0002: input,hiddev0,hidraw1: USB HID v0.00 Mouse [HID 0458:5011] on usb-dummy_hcd.0-1/input0 [ 50.132690][ T6026] usb 5-1: USB disconnect, device number 2 [ 50.242568][ T1327] appleir 0003:05AC:8243.0003: unknown main item tag 0x0 [ 50.250578][ T1327] appleir 0003:05AC:8243.0003: hiddev0,hidraw1: USB HID v0.00 Device [syz] on usb-dummy_hcd.2-1/input0 [ 50.499010][ T6026] usb 7-1: USB disconnect, device number 2 [ 51.176756][ T6185] syzkaller1: entered promiscuous mode [ 51.178569][ T6185] syzkaller1: entered allmulticast mode [ 51.238942][ T6190] Invalid ELF header magic: != ELF [ 51.586530][ T6215] syz.2.63 uses obsolete (PF_INET,SOCK_PACKET) [ 51.895674][ T6246] loop7: detected capacity change from 0 to 7 [ 51.899044][ C3] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 51.902030][ C3] Buffer I/O error on dev loop7, logical block 0, async page read [ 51.904671][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 51.907637][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 51.910296][ C3] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 51.913188][ C3] Buffer I/O error on dev loop7, logical block 0, async page read [ 51.915811][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 51.918681][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 51.921281][ C3] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 51.924184][ C3] Buffer I/O error on dev loop7, logical block 0, async page read [ 51.926956][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 51.929816][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 51.932397][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 51.935342][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 51.937815][ T6246] ldm_validate_partition_table(): Disk read failed. [ 51.940044][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 51.942812][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 51.946067][ C3] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 51.949113][ C3] Buffer I/O error on dev loop7, logical block 0, async page read [ 51.951684][ C0] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 51.955831][ T6246] Dev loop7: unable to read RDB block 0 [ 51.958052][ T6246] loop7: unable to read partition table [ 51.960476][ T6246] loop7: partition table beyond EOD, truncated [ 51.962980][ T6246] loop_reread_partitions: partition scan of loop7 (Cj̖P=ý?}X %`ր{֐ȵ4FLQk݊) failed (rc=-5) [ 52.066027][ T6255] Bluetooth: MGMT ver 1.23 [ 52.164208][ T5982] Bluetooth: hci1: command tx timeout [ 52.164274][ T5339] Bluetooth: hci0: command tx timeout [ 52.174262][ T5339] Bluetooth: hci3: command tx timeout [ 52.174716][ T5982] Bluetooth: hci2: command tx timeout [ 53.047275][ T6288] netlink: 20 bytes leftover after parsing attributes in process `syz.1.97'. [ 53.234192][ T1472] misc userio: Buffer overflowed, userio client isn't keeping up [ 53.248887][ T6309] overlay: filesystem on ./bus not supported as upperdir [ 53.458216][ T6325] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 53.550296][ T6325] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 53.636373][ T6325] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 53.662333][ T6337] netlink: 212376 bytes leftover after parsing attributes in process `syz.0.120'. [ 53.708743][ T6325] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 53.790930][ T1139] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 53.797718][ T1139] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 53.804937][ T1139] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 53.811665][ T1139] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 53.888310][ T6346] netlink: 14528 bytes leftover after parsing attributes in process `syz.2.124'. [ 53.931422][ T6348] netlink: 'syz.2.125': attribute type 2 has an invalid length. [ 53.934964][ T6348] netlink: 85376 bytes leftover after parsing attributes in process `syz.2.125'. [ 54.245837][ T5982] Bluetooth: hci3: command tx timeout [ 54.245873][ T5339] Bluetooth: hci0: command tx timeout [ 54.245928][ T63] Bluetooth: hci2: command tx timeout [ 54.245964][ T63] Bluetooth: hci1: command tx timeout [ 54.285721][ T1472] input: PS/2 Generic Mouse as /devices/serio2/input/input5 [ 54.494152][ T1472] psmouse serio2: Failed to enable mouse on [ 54.892508][ T6409] syzkaller1: entered promiscuous mode [ 54.897966][ T6409] syzkaller1: entered allmulticast mode [ 55.108777][ T6429] input: syz1 as /devices/virtual/input/input8 [ 55.432075][ T6452] overlayfs: workdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection. [ 55.668233][ T6467] netlink: 'syz.3.180': attribute type 1 has an invalid length. [ 55.671578][ T6467] netlink: 216 bytes leftover after parsing attributes in process `syz.3.180'. [ 56.684148][ T34] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 56.834182][ T34] usb 5-1: Using ep0 maxpacket: 32 [ 56.837633][ T34] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 56.840136][ T34] usb 5-1: config 0 has no interface number 0 [ 56.843542][ T34] usb 5-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8 [ 56.846829][ T34] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 56.849319][ T34] usb 5-1: Product: syz [ 56.850609][ T34] usb 5-1: Manufacturer: syz [ 56.852032][ T34] usb 5-1: SerialNumber: syz [ 56.854993][ T34] usb 5-1: config 0 descriptor?? [ 56.858128][ T34] usb 5-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state [ 56.860871][ T34] usb 5-1: selecting invalid altsetting 1 [ 56.862661][ T34] usb 5-1: dvb_usb_ce6230: usb_set_interface() failed=-22 [ 56.867466][ T34] usb 5-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 56.870670][ T34] dvbdev: DVB: registering new adapter (Intel CE9500 reference design) [ 56.873267][ T34] usb 5-1: media controller created [ 56.883672][ T34] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 56.884120][ T5339] Bluetooth: hci0: Opcode 0x1407 failed: -110 [ 56.884342][ T5982] Bluetooth: hci0: command 0x1407 tx timeout [ 57.634117][ T2299] usb 8-1: new high-speed USB device number 2 using dummy_hcd [ 57.814630][ T2299] usb 8-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 57.817515][ T2299] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 57.819977][ T2299] usb 8-1: Product: syz [ 57.821299][ T2299] usb 8-1: Manufacturer: syz [ 57.822774][ T2299] usb 8-1: SerialNumber: syz [ 57.828634][ T2299] usb 8-1: config 0 descriptor?? [ 57.991701][ T6504] netlink: 4 bytes leftover after parsing attributes in process `syz.2.196'. [ 57.995711][ T6504] (unnamed net_device) (uninitialized): Invalid ad_actor_system MAC address. [ 57.998448][ T6504] (unnamed net_device) (uninitialized): option ad_actor_system: invalid value (68719607821) [ 58.001809][ T6504] Zero length message leads to an empty skb [ 58.016859][ T34] usb 5-1: dvb_usb_ce6230: usb_control_msg() failed=-110 [ 58.020212][ T34] zl10353_read_register: readreg error (reg=127, ret==-110) [ 58.024188][ T34] usb 5-1: dvb_usb_ce6230: usb_set_interface() failed=-71 [ 58.038264][ T6058] usb 8-1: USB disconnect, device number 2 [ 58.042056][ T34] usb 5-1: USB disconnect, device number 3 [ 58.858762][ T6533] evm: overlay not supported [ 59.284925][ T5982] Bluetooth: hci4: command 0x1003 tx timeout [ 59.286420][ T5339] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 59.313526][ T6564] vxcan0: tx address claim with dest, not broadcast [ 59.460987][ T6578] bridge0: port 2(bridge_slave_1) entered disabled state [ 59.464652][ T6578] bridge0: port 2(bridge_slave_1) entered blocking state [ 59.467528][ T6578] bridge0: port 2(bridge_slave_1) entered forwarding state [ 59.682988][ T6602] netlink: 12 bytes leftover after parsing attributes in process `syz.1.237'. [ 59.694235][ T6602] vxlan0: entered promiscuous mode [ 59.698407][ T12] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 59.701405][ T12] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 59.706483][ T12] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 59.709262][ T12] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 59.718856][ T6605] Bluetooth: hci0: service_discovery: too big uuid_count value 65535 [ 59.746944][ T6609] overlayfs: failed to set uuid (48/file0, err=-1); falling back to uuid=null. [ 59.751785][ T6609] overlayfs: failed to verify upper root origin [ 60.634339][ T10] hid-generic 0000:0D17:0000.0004: unknown main item tag 0x0 [ 60.637605][ T10] hid-generic 0000:0D17:0000.0004: unknown main item tag 0x0 [ 60.643860][ T10] hid-generic 0000:0D17:0000.0004: hidraw1: HID v0.00 Device [syz0] on syz1 [ 60.827322][ T40] audit: type=1326 audit(1755019634.208:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6650 comm="syz.2.259" exe="/syz-executor" sig=0 arch=40000003 syscall=20 compat=1 ip=0xf70de579 code=0x7ffc0000 [ 60.834640][ T40] audit: type=1326 audit(1755019634.208:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6650 comm="syz.2.259" exe="/syz-executor" sig=0 arch=40000003 syscall=173 compat=1 ip=0xf70de5a7 code=0x7ffc0000 [ 60.841466][ T40] audit: type=1326 audit(1755019634.208:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6650 comm="syz.2.259" exe="/syz-executor" sig=0 arch=40000003 syscall=20 compat=1 ip=0xf70de579 code=0x7ffc0000 [ 60.848561][ T40] audit: type=1326 audit(1755019634.208:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6650 comm="syz.2.259" exe="/syz-executor" sig=0 arch=40000003 syscall=173 compat=1 ip=0xf70de5a7 code=0x7ffc0000 [ 60.856068][ T40] audit: type=1326 audit(1755019634.208:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6650 comm="syz.2.259" exe="/syz-executor" sig=0 arch=40000003 syscall=20 compat=1 ip=0xf70de579 code=0x7ffc0000 [ 60.864543][ T40] audit: type=1326 audit(1755019634.208:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6650 comm="syz.2.259" exe="/syz-executor" sig=0 arch=40000003 syscall=173 compat=1 ip=0xf70de5a7 code=0x7ffc0000 [ 60.873628][ T40] audit: type=1326 audit(1755019634.208:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6650 comm="syz.2.259" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70de579 code=0x7ffc0000 [ 60.882715][ T40] audit: type=1326 audit(1755019634.208:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6650 comm="syz.2.259" exe="/syz-executor" sig=0 arch=40000003 syscall=20 compat=1 ip=0xf70de579 code=0x7ffc0000 [ 60.890986][ T40] audit: type=1326 audit(1755019634.208:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6650 comm="syz.2.259" exe="/syz-executor" sig=0 arch=40000003 syscall=173 compat=1 ip=0xf70de5a7 code=0x7ffc0000 [ 60.897798][ T40] audit: type=1326 audit(1755019634.208:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6650 comm="syz.2.259" exe="/syz-executor" sig=0 arch=40000003 syscall=20 compat=1 ip=0xf70de579 code=0x7ffc0000 [ 60.925611][ T24] delete_channel: no stack [ 61.763973][ T6706] GUP no longer grows the stack in syz.2.278 (6706): 80004000-8000a000 (80002000) [ 61.767928][ T6706] CPU: 0 UID: 0 PID: 6706 Comm: syz.2.278 Not tainted 6.17.0-rc1-syzkaller-00014-g0e39a731820a #0 PREEMPT(full) [ 61.767951][ T6706] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 61.767963][ T6706] Call Trace: [ 61.767969][ T6706] [ 61.767976][ T6706] dump_stack_lvl+0x16c/0x1f0 [ 61.768002][ T6706] gup_vma_lookup+0x1d2/0x220 [ 61.768023][ T6706] __get_user_pages+0x243/0x34a0 [ 61.768045][ T6706] ? find_held_lock+0x2b/0x80 [ 61.768056][ T6706] ? __pfx___get_user_pages+0x10/0x10 [ 61.768077][ T6706] get_user_pages_remote+0x243/0xab0 [ 61.768094][ T6706] ? mas_parent_gap+0x6f0/0x7b0 [ 61.768108][ T6706] ? __pfx_get_user_pages_remote+0x10/0x10 [ 61.768126][ T6706] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 61.768145][ T6706] __access_remote_vm+0x24d/0x850 [ 61.768162][ T6706] ? do_raw_spin_lock+0x12c/0x2b0 [ 61.768178][ T6706] ? __pfx___access_remote_vm+0x10/0x10 [ 61.768196][ T6706] proc_pid_cmdline_read+0x4de/0x8e0 [ 61.768210][ T6706] ? __pfx_proc_pid_cmdline_read+0x10/0x10 [ 61.768223][ T6706] ? rw_verify_area+0xcf/0x6c0 [ 61.768234][ T6706] ? __pfx_proc_pid_cmdline_read+0x10/0x10 [ 61.768245][ T6706] vfs_readv+0x5be/0x8b0 [ 61.768259][ T6706] ? __pfx_vfs_readv+0x10/0x10 [ 61.768280][ T6706] ? __fget_files+0x20e/0x3c0 [ 61.768296][ T6706] ? do_preadv+0x1a6/0x270 [ 61.768306][ T6706] do_preadv+0x1a6/0x270 [ 61.768317][ T6706] ? __pfx_do_preadv+0x10/0x10 [ 61.768329][ T6706] ? rcu_is_watching+0x12/0xc0 [ 61.768342][ T6706] __do_fast_syscall_32+0x7c/0x3a0 [ 61.768358][ T6706] do_fast_syscall_32+0x32/0x80 [ 61.768371][ T6706] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 61.768385][ T6706] RIP: 0023:0xf70de579 [ 61.768394][ T6706] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 61.768404][ T6706] RSP: 002b:00000000f54ce55c EFLAGS: 00000296 ORIG_RAX: 000000000000014d [ 61.768415][ T6706] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000040 [ 61.768422][ T6706] RDX: 0000000000000001 RSI: 0000000000000300 RDI: 0000000000000000 [ 61.768428][ T6706] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 61.768434][ T6706] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 61.768440][ T6706] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 61.768453][ T6706] [ 62.290867][ T46] Bluetooth: hci4: Frame reassembly failed (-84) [ 62.373670][ T6734] netlink: 8 bytes leftover after parsing attributes in process `syz.2.290'. [ 62.654177][ T10] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 62.779576][ T6754] binder: 6753:6754 ioctl c0306201 80000040 returned -14 [ 62.814245][ T10] usb 5-1: Using ep0 maxpacket: 16 [ 62.817629][ T10] usb 5-1: config 0 has an invalid interface number: 8 but max is 0 [ 62.821330][ T10] usb 5-1: config 0 has no interface number 0 [ 62.824532][ T10] usb 5-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 62.828829][ T10] usb 5-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 62.834012][ T10] usb 5-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 62.837958][ T10] usb 5-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 62.841239][ T10] usb 5-1: Product: syz [ 62.842782][ T6760] netlink: 4 bytes leftover after parsing attributes in process `syz.1.303'. [ 62.842954][ T10] usb 5-1: SerialNumber: syz [ 62.849776][ T10] usb 5-1: config 0 descriptor?? [ 62.855902][ T10] cm109 5-1:0.8: invalid payload size 0, expected 4 [ 62.859702][ T10] input: CM109 USB driver as /devices/platform/dummy_hcd.0/usb5/5-1/5-1:0.8/input/input9 [ 63.064892][ C0] cm109 5-1:0.8: cm109_urb_ctl_callback: usb_submit_urb (urb_irq) failed -90 [ 63.300027][ C1] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 63.300713][ T10] usb 5-1: USB disconnect, device number 4 [ 63.302553][ C1] cm109 5-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19 [ 63.316429][ T10] cm109 5-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19 [ 63.316963][ T24] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 63.327084][ T24] hid-generic 0000:0000:0000.0005: hidraw1: HID v0.00 Device [syz1] on syz0 [ 63.883729][ T6814] loop5: detected capacity change from 0 to 12679 [ 63.890224][ T6814] loop5: detected capacity change from 12679 to 13663 [ 64.055963][ T6817] loop7: detected capacity change from 0 to 7 [ 64.250490][ T6819] support for the xor transformation has been removed. [ 64.251104][ T6817] Dev loop7: unable to read RDB block 7 [ 64.255950][ C0] blk_print_req_error: 6 callbacks suppressed [ 64.255964][ C0] invalid error, dev loop7, sector 0 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 2 [ 64.256275][ T6817] loop7: unable to read partition table [ 64.258654][ C0] buffer_io_error: 6 callbacks suppressed [ 64.258664][ C0] Buffer I/O error on dev loop7, logical block 0, lost async page write [ 64.261778][ T6817] loop7: partition table beyond EOD, truncated [ 64.272368][ T6817] loop_reread_partitions: partition scan of loop7 (Cj̖P=ý?}X %`ր{֐ȵ4FLQk݊) failed (rc=-5) [ 64.324159][ T5339] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 64.465359][ T6827] netlink: 'syz.0.331': attribute type 2 has an invalid length. [ 64.467812][ T6827] netlink: 16 bytes leftover after parsing attributes in process `syz.0.331'. [ 64.495875][ T6829] netlink: 4 bytes leftover after parsing attributes in process `syz.0.332'. [ 64.834242][ T24] usb 8-1: new high-speed USB device number 3 using dummy_hcd [ 64.971484][ T6875] Bluetooth: hci0: too big key_count value 34945 [ 64.985329][ T24] usb 8-1: Using ep0 maxpacket: 32 [ 64.989610][ T24] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 64.992733][ T24] usb 8-1: config 0 has no interfaces? [ 64.994633][ T24] usb 8-1: New USB device found, idVendor=28bd, idProduct=0094, bcdDevice= 0.00 [ 64.997450][ T24] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 65.000973][ T24] usb 8-1: config 0 descriptor?? [ 65.209490][ T6883] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 65.217109][ T6155] usb 8-1: USB disconnect, device number 3 [ 65.224281][ T6058] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 65.386746][ T6058] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 65.390120][ T6058] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 65.393148][ T6058] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 65.398271][ T6058] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 65.404146][ T6873] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 65.408819][ T6058] usb 6-1: Quirk or no altset; falling back to MIDI 1.0 [ 65.596991][ T6894] bridge_slave_0: left allmulticast mode [ 65.598817][ T6894] bridge_slave_0: left promiscuous mode [ 65.601008][ T6894] bridge0: port 1(bridge_slave_0) entered disabled state [ 65.607208][ T6894] bridge_slave_1: left allmulticast mode [ 65.608998][ T6894] bridge_slave_1: left promiscuous mode [ 65.611157][ T6894] bridge0: port 2(bridge_slave_1) entered disabled state [ 65.616916][ T6894] bond0: (slave bond_slave_0): Releasing backup interface [ 65.621268][ T6894] bond0: (slave bond_slave_1): Releasing backup interface [ 65.630664][ T6894] team0: Port device team_slave_0 removed [ 65.635594][ T2299] usb 6-1: USB disconnect, device number 2 [ 65.636526][ T6894] team0: Port device team_slave_1 removed [ 65.640272][ T6894] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 65.642585][ T6894] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 65.646403][ T6894] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 65.648699][ T6894] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 65.711420][ T6896] input: syz0 as /devices/virtual/input/input10 [ 65.756133][ T6900] tipc: Started in network mode [ 65.757994][ T6900] tipc: Node identity 8ee0167869b7, cluster identity 4711 [ 65.760339][ T6900] tipc: Enabled bearer , priority 0 [ 65.765151][ T6900] tipc: Disabling bearer [ 65.877735][ T6911] netlink: 156 bytes leftover after parsing attributes in process `syz.3.369'. [ 66.136136][ T6937] process 'syz.3.380' launched './file0' with NULL argv: empty string added [ 66.165370][ T6941] syzkaller1: entered promiscuous mode [ 66.167269][ T6941] syzkaller1: entered allmulticast mode [ 66.406148][ T6966] netlink: 12 bytes leftover after parsing attributes in process `syz.0.394'. [ 66.410487][ T6966] netlink: 12 bytes leftover after parsing attributes in process `syz.0.394'. [ 66.414012][ T6966] netlink: 50 bytes leftover after parsing attributes in process `syz.0.394'. [ 66.536571][ T6990] Illegal XDP return value 622830656 on prog (id 64) dev syz_tun, expect packet loss! [ 66.573646][ T6999] netlink: 8 bytes leftover after parsing attributes in process `syz.3.409'. [ 66.578142][ T6999] netlink: 12 bytes leftover after parsing attributes in process `syz.3.409'. [ 66.581200][ T6999] netlink: 'syz.3.409': attribute type 5 has an invalid length. [ 66.591927][ T46] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 66.596135][ T46] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 66.598881][ T46] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 66.601577][ T46] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 67.014371][ T10] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 67.186782][ T10] usb 6-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 67.189737][ T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 67.192353][ T10] usb 6-1: Product: syz [ 67.194510][ T10] usb 6-1: Manufacturer: syz [ 67.196373][ T10] usb 6-1: SerialNumber: syz [ 67.202531][ T10] usb 6-1: config 0 descriptor?? [ 67.410594][ T5800] usb 6-1: USB disconnect, device number 3 [ 67.842391][ T7045] syzkaller1: entered promiscuous mode [ 67.844359][ T7045] syzkaller1: entered allmulticast mode [ 67.849013][ T7045] PF_CAN: dropped non conform CAN skbuff: dev type 280, len 324 [ 68.510584][ T7097] netlink: 4 bytes leftover after parsing attributes in process `syz.1.455'. [ 68.750401][ T7120] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 68.814415][ T1458] usb 8-1: new high-speed USB device number 4 using dummy_hcd [ 68.984217][ T1458] usb 8-1: Using ep0 maxpacket: 16 [ 68.988273][ T1458] usb 8-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config [ 68.991784][ T1458] usb 8-1: config 7 interface 0 altsetting 5 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 68.996502][ T1458] usb 8-1: config 7 interface 0 altsetting 5 endpoint 0x81 has invalid wMaxPacketSize 0 [ 69.000563][ T1458] usb 8-1: config 7 interface 0 altsetting 5 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 69.005243][ T1458] usb 8-1: config 7 interface 0 has no altsetting 0 [ 69.007589][ T1458] usb 8-1: New USB device found, idVendor=0458, idProduct=5010, bcdDevice= 0.00 [ 69.010420][ T1458] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 69.302130][ T7180] ======================================================= [ 69.302130][ T7180] WARNING: The mand mount option has been deprecated and [ 69.302130][ T7180] and is ignored by this kernel. Remove the mand [ 69.302130][ T7180] option from the mount to silence this warning. [ 69.302130][ T7180] ======================================================= [ 69.447117][ T1458] input: HID 0458:5010 as /devices/platform/dummy_hcd.3/usb8/8-1/8-1:7.0/0003:0458:5010.0006/input/input11 [ 69.454613][ T1458] kye 0003:0458:5010.0006: input,hiddev0,hidraw1: USB HID v2.00 Device [HID 0458:5010] on usb-dummy_hcd.3-1/input0 [ 69.457965][ T7186] 9pnet: p9_errstr2errno: server reported unknown error pA;KZ44/@qk [ 69.623230][ T7200] input: syz0 as /devices/virtual/input/input13 [ 70.545518][ C3] kye 0003:0458:5010.0006: usb_submit_urb(ctrl) failed: -1 [ 70.887174][ T1419] ieee802154 phy0 wpan0: encryption failed: -22 [ 70.889384][ T1419] ieee802154 phy1 wpan1: encryption failed: -22 [ 70.957255][ T7255] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 71.157598][ T7272] netlink: 4 bytes leftover after parsing attributes in process `syz.2.533'. [ 71.164197][ T7272] netlink: 4 bytes leftover after parsing attributes in process `syz.2.533'. [ 71.184147][ T7274] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 71.317391][ T2299] usb 8-1: USB disconnect, device number 4 [ 71.400522][ T7286] binder: 7285:7286 ioctl c0306201 800003c0 returned -14 [ 71.482913][ T7293] netlink: 212376 bytes leftover after parsing attributes in process `syz.1.542'. [ 72.060177][ T7312] syzkaller1: entered promiscuous mode [ 72.062125][ T7312] syzkaller1: entered allmulticast mode [ 72.231120][ T7321] netlink: 'syz.2.554': attribute type 11 has an invalid length. [ 72.333460][ T46] wlan1: Trigger new scan to find an IBSS to join [ 73.023397][ T1139] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 73.103931][ T1139] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 73.184276][ T1139] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 73.209513][ T5982] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 73.212767][ T5982] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 73.215927][ T5982] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 73.218812][ T5982] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 73.222244][ T5982] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 73.245828][ T1139] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 73.337561][ T7373] chnl_net:caif_netlink_parms(): no params data found [ 73.349606][ T1139] bridge_slave_1: left allmulticast mode [ 73.351620][ T1139] bridge_slave_1: left promiscuous mode [ 73.354275][ T1139] bridge0: port 2(bridge_slave_1) entered disabled state [ 73.358950][ T1139] bridge_slave_0: left allmulticast mode [ 73.360833][ T1139] bridge_slave_0: left promiscuous mode [ 73.362785][ T1139] bridge0: port 1(bridge_slave_0) entered disabled state [ 73.589160][ T1139] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 73.593435][ T1139] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 73.599350][ T1139] bond0 (unregistering): Released all slaves [ 73.682711][ T7404] ALSA: seq fatal error: cannot create timer (-16) [ 73.696207][ T7373] bridge0: port 1(bridge_slave_0) entered blocking state [ 73.698468][ T7373] bridge0: port 1(bridge_slave_0) entered disabled state [ 73.700674][ T7373] bridge_slave_0: entered allmulticast mode [ 73.703771][ T7373] bridge_slave_0: entered promiscuous mode [ 73.707649][ T7373] bridge0: port 2(bridge_slave_1) entered blocking state [ 73.709893][ T7373] bridge0: port 2(bridge_slave_1) entered disabled state [ 73.712235][ T7373] bridge_slave_1: entered allmulticast mode [ 73.715007][ T7373] bridge_slave_1: entered promiscuous mode [ 73.783728][ T7373] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 73.793601][ T7373] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 73.843626][ T7373] team0: Port device team_slave_0 added [ 73.848931][ T7373] team0: Port device team_slave_1 added [ 73.910037][ T7373] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 73.912256][ T7373] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 73.920899][ T7373] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 73.929820][ T7373] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 73.932154][ T7373] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 73.941212][ T7373] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 73.956747][ T1139] hsr_slave_0: left promiscuous mode [ 73.964290][ T1139] hsr_slave_1: left promiscuous mode [ 73.966327][ T1139] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 73.968639][ T1139] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 73.973134][ T1139] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 73.977397][ T1139] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 74.002514][ T1139] veth1_macvtap: left promiscuous mode [ 74.004737][ T1139] veth0_macvtap: left promiscuous mode [ 74.006669][ T1139] veth1_vlan: left promiscuous mode [ 74.008945][ T1139] veth0_vlan: left promiscuous mode [ 74.465787][ T1139] team0 (unregistering): Port device team_slave_1 removed [ 74.517206][ T1139] team0 (unregistering): Port device team_slave_0 removed [ 74.918121][ T7373] hsr_slave_0: entered promiscuous mode [ 74.920349][ T7373] hsr_slave_1: entered promiscuous mode [ 74.922415][ T7373] debugfs: 'hsr0' already exists in 'hsr' [ 74.924893][ T7373] Cannot create hsr debugfs directory [ 75.060811][ T7373] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 75.071258][ T7373] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 75.076402][ T7373] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 75.080735][ T7373] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 75.139065][ T7373] 8021q: adding VLAN 0 to HW filter on device bond0 [ 75.147522][ T7373] 8021q: adding VLAN 0 to HW filter on device team0 [ 75.167221][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 75.169488][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 75.176896][ T1177] bridge0: port 2(bridge_slave_1) entered blocking state [ 75.179162][ T1177] bridge0: port 2(bridge_slave_1) entered forwarding state [ 75.202157][ T7373] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 75.205845][ T7373] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 75.286090][ T5339] Bluetooth: hci3: command tx timeout [ 75.308468][ T7373] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 75.341674][ T1327] libceph: connect (1)[c::]:6789 error -101 [ 75.343958][ T1327] libceph: mon0 (1)[c::]:6789 connect error [ 75.375219][ T12] wlan1: Trigger new scan to find an IBSS to join [ 75.392472][ T9] libceph: connect (1)[c::]:6789 error -101 [ 75.395531][ T9] libceph: mon0 (1)[c::]:6789 connect error [ 75.419985][ T7506] netlink: 4 bytes leftover after parsing attributes in process `syz.3.620'. [ 75.445388][ T7373] veth0_vlan: entered promiscuous mode [ 75.451344][ T7373] veth1_vlan: entered promiscuous mode [ 75.464942][ T7373] veth0_macvtap: entered promiscuous mode [ 75.468588][ T7373] veth1_macvtap: entered promiscuous mode [ 75.477628][ T7373] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 75.483577][ T7373] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 75.490504][ T1139] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.497419][ T1139] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.500522][ T1139] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.506183][ T1139] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 75.543232][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 75.547767][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 75.559600][ T1177] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 75.562142][ T1177] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 75.605222][ T1458] libceph: connect (1)[c::]:6789 error -101 [ 75.607269][ T1458] libceph: mon0 (1)[c::]:6789 connect error [ 75.634010][ T2299] libceph: connect (1)[c::]:6789 error -101 [ 75.636099][ T2299] libceph: mon0 (1)[c::]:6789 connect error [ 75.655051][ T2299] libceph: connect (1)[c::]:6789 error -101 [ 75.657129][ T2299] libceph: mon0 (1)[c::]:6789 connect error [ 75.686744][ T5800] libceph: connect (1)[b::]:6789 error -101 [ 75.689087][ T5800] libceph: mon0 (1)[b::]:6789 connect error [ 75.844108][ T7530] mac80211_hwsim hwsim4 wlan0: entered promiscuous mode [ 75.846969][ T7530] macsec1: entered promiscuous mode [ 75.855120][ T7530] macsec1: entered allmulticast mode [ 75.857205][ T7530] mac80211_hwsim hwsim4 wlan0: entered allmulticast mode [ 75.894560][ T2299] libceph: connect (1)[c::]:6789 error -101 [ 75.896921][ T2299] libceph: mon0 (1)[c::]:6789 connect error [ 75.897113][ T40] kauditd_printk_skb: 73 callbacks suppressed [ 75.897125][ T40] audit: type=1326 audit(1755019650.281:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7531 comm="syz.3.629" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7ff2579 code=0x0 [ 75.948312][ T5800] libceph: connect (1)[b::]:6789 error -101 [ 75.950473][ T5800] libceph: mon0 (1)[b::]:6789 connect error [ 76.115094][ T1458] libceph: connect (1)[c::]:6789 error -101 [ 76.117122][ T1458] libceph: mon0 (1)[c::]:6789 connect error [ 76.162914][ T7494] ceph: No mds server is up or the cluster is laggy [ 76.162916][ T7501] ceph: No mds server is up or the cluster is laggy [ 76.165421][ T9] libceph: connect (1)[c::]:6789 error -101 [ 76.171614][ T9] libceph: mon0 (1)[c::]:6789 connect error [ 76.250703][ T7552] netlink: 64 bytes leftover after parsing attributes in process `syz.2.638'. [ 76.261823][ T7552] netlink: 64 bytes leftover after parsing attributes in process `syz.2.638'. [ 76.404338][ T9] libceph: connect (1)[c::]:6789 error -101 [ 76.406464][ T9] libceph: mon0 (1)[c::]:6789 connect error [ 76.455139][ T5800] libceph: connect (1)[b::]:6789 error -101 [ 76.457134][ T5800] libceph: mon0 (1)[b::]:6789 connect error [ 76.464263][ T7515] ceph: No mds server is up or the cluster is laggy [ 76.464335][ T7520] ceph: No mds server is up or the cluster is laggy [ 76.827565][ T7589] serio: Serial port ptm0 [ 76.864129][ T5800] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 76.903940][ T7596] capability: warning: `syz.3.657' uses deprecated v2 capabilities in a way that may be insecure [ 77.017254][ T5800] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 77.020785][ T5800] usb 7-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 77.023955][ T5800] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 77.027122][ T5800] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 77.032193][ T7575] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 77.038710][ T5800] usb 7-1: Quirk or no altset; falling back to MIDI 1.0 [ 77.240819][ T5800] usb 7-1: USB disconnect, device number 3 [ 77.246008][ T2299] kernel write not supported for file /register (pid: 2299 comm: kworker/0:2) [ 77.359149][ T7622] bridge_slave_0: vlans aren't supported yet for dev_uc|mc_add() [ 77.364126][ T5339] Bluetooth: hci3: command tx timeout [ 77.393409][ T7624] cgroup: fork rejected by pids controller in /syz3 [ 77.454104][ T1458] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 77.615280][ T1458] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 77.618625][ T1458] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 77.621557][ T1458] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 77.625652][ T1458] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 77.629041][ T1458] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 77.632634][ T1458] usb 6-1: config 0 descriptor?? [ 77.740244][ T1139] netdevsim netdevsim3 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 77.744732][ T1139] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 77.799171][ T1139] netdevsim netdevsim3 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 77.802918][ T1139] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 77.822747][ T7640] netlink: 8 bytes leftover after parsing attributes in process `syz.2.678'. [ 77.850450][ T7642] netlink: 12 bytes leftover after parsing attributes in process `syz.2.679'. [ 77.857253][ T7642] pim6reg: entered allmulticast mode [ 77.864953][ T7642] pim6reg: left allmulticast mode [ 77.884366][ T1139] netdevsim netdevsim3 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 77.887633][ T1139] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 77.906037][ T5982] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 77.910695][ T5982] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 77.913695][ T5982] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 77.917804][ T5982] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 77.920977][ T5982] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 78.008853][ T1139] netdevsim netdevsim3 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 78.012872][ T1139] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 78.043502][ T1458] plantronics 0003:047F:FFFF.0007: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 78.049605][ T7644] chnl_net:caif_netlink_parms(): no params data found [ 78.113053][ T7644] bridge0: port 1(bridge_slave_0) entered blocking state [ 78.115464][ T7644] bridge0: port 1(bridge_slave_0) entered disabled state [ 78.117699][ T7644] bridge_slave_0: entered allmulticast mode [ 78.120634][ T7644] bridge_slave_0: entered promiscuous mode [ 78.124661][ T7644] bridge0: port 2(bridge_slave_1) entered blocking state [ 78.126924][ T7644] bridge0: port 2(bridge_slave_1) entered disabled state [ 78.129145][ T7644] bridge_slave_1: entered allmulticast mode [ 78.131820][ T7644] bridge_slave_1: entered promiscuous mode [ 78.168823][ T7644] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 78.177747][ T7644] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 78.216312][ T7644] team0: Port device team_slave_0 added [ 78.218773][ T1139] bridge_slave_1: left allmulticast mode [ 78.220767][ T1139] bridge_slave_1: left promiscuous mode [ 78.222631][ T1139] bridge0: port 2(bridge_slave_1) entered disabled state [ 78.226932][ T1139] bridge_slave_0: left allmulticast mode [ 78.229238][ T1139] bridge_slave_0: left promiscuous mode [ 78.231621][ T1139] bridge0: port 1(bridge_slave_0) entered disabled state [ 78.310968][ T2299] usb 6-1: USB disconnect, device number 4 [ 78.334148][ T46] wlan1: Trigger new scan to find an IBSS to join [ 78.448453][ T1139] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 78.452410][ T1139] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 78.456113][ T1139] bond0 (unregistering): Released all slaves [ 78.462616][ T7644] team0: Port device team_slave_1 added [ 78.498546][ T7644] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 78.500734][ T7644] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.508778][ T7644] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 78.512908][ T7644] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 78.515300][ T7644] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 78.523168][ T7644] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 78.551328][ T1139] tipc: Left network mode [ 78.574136][ T7644] hsr_slave_0: entered promiscuous mode [ 78.576431][ T7644] hsr_slave_1: entered promiscuous mode [ 78.578755][ T7644] debugfs: 'hsr0' already exists in 'hsr' [ 78.580557][ T7644] Cannot create hsr debugfs directory [ 78.582568][ T7658] @: renamed from vlan0 (while UP) [ 78.675022][ T1139] mac80211_hwsim hwsim4 wlan0 (unregistering): left allmulticast mode [ 78.754879][ T1139] hsr_slave_0: left promiscuous mode [ 78.757441][ T1139] hsr_slave_1: left promiscuous mode [ 78.759823][ T1139] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 78.762690][ T1139] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 78.766465][ T1139] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 78.769356][ T1139] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 78.786021][ T1139] veth1_macvtap: left promiscuous mode [ 78.788212][ T1139] veth0_macvtap: left promiscuous mode [ 78.790444][ T1139] veth1_vlan: left promiscuous mode [ 78.792536][ T1139] veth0_vlan: left promiscuous mode [ 78.845523][ T7666] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 79.256278][ T1177] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 79.289181][ T1139] team0 (unregistering): Port device team_slave_1 removed [ 79.314945][ T7679] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(3) [ 79.317207][ T7679] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 79.324002][ T7679] vhci_hcd vhci_hcd.0: Device attached [ 79.355676][ T1139] team0 (unregistering): Port device team_slave_0 removed [ 79.454277][ T5982] Bluetooth: hci3: command tx timeout [ 79.574181][ T1458] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 79.576677][ T1327] usb 41-1: new low-speed USB device number 2 using vhci_hcd [ 79.744248][ T1458] usb 7-1: Using ep0 maxpacket: 16 [ 79.747176][ T1458] usb 7-1: config 0 has no interfaces? [ 79.748922][ T1458] usb 7-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00 [ 79.751771][ T1458] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 79.755900][ T1458] usb 7-1: config 0 descriptor?? [ 79.962513][ T7680] usb 41-1: recv xbuf, 0 [ 79.965811][ T840] usb 7-1: USB disconnect, device number 4 [ 79.967968][ T60] vhci_hcd: stop threads [ 79.969649][ T60] vhci_hcd: release socket [ 79.973424][ T60] vhci_hcd: disconnect device [ 80.004370][ T5982] Bluetooth: hci1: command tx timeout [ 80.044444][ T1327] vhci_hcd: vhci_device speed not set [ 80.101669][ T7644] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 80.106787][ T7644] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 80.117072][ T7644] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 80.121120][ T7644] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 80.163269][ T7644] 8021q: adding VLAN 0 to HW filter on device bond0 [ 80.172603][ T7644] 8021q: adding VLAN 0 to HW filter on device team0 [ 80.181702][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 80.184107][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 80.188660][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 80.190959][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 80.293598][ T7644] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 80.323226][ T7644] veth0_vlan: entered promiscuous mode [ 80.334248][ T7644] veth1_vlan: entered promiscuous mode [ 80.348721][ T7644] veth0_macvtap: entered promiscuous mode [ 80.353020][ T7644] veth1_macvtap: entered promiscuous mode [ 80.362733][ T7644] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 80.369041][ T7644] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 80.375470][ T12] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.378604][ T12] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.381364][ T12] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.387128][ T12] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 80.418402][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 80.420826][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 80.437196][ T1177] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 80.439820][ T1177] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 80.507932][ T7721] netlink: 92 bytes leftover after parsing attributes in process `syz.1.703'. [ 80.538385][ T40] audit: type=1326 audit(1755019654.921:86): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7722 comm="syz.1.704" exe="/syz-executor" sig=31 arch=40000003 syscall=20 compat=1 ip=0xf7f57579 code=0x0 [ 80.724533][ T5800] usb 9-1: new high-speed USB device number 2 using dummy_hcd [ 80.885856][ T5800] usb 9-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 80.889322][ T5800] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 80.892741][ T5800] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 80.896187][ T5800] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 80.901456][ T5800] usb 9-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 80.904511][ T5800] usb 9-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 80.907106][ T5800] usb 9-1: Manufacturer: syz [ 80.909819][ T5800] usb 9-1: config 0 descriptor?? [ 80.924205][ T10] usb 8-1: new high-speed USB device number 5 using dummy_hcd [ 81.085310][ T10] usb 8-1: config 0 has no interfaces? [ 81.087440][ T10] usb 8-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 81.090260][ T10] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 81.093846][ T10] usb 8-1: config 0 descriptor?? [ 81.128069][ T53] cfg80211: failed to load regulatory.db [ 81.309206][ T53] usb 8-1: USB disconnect, device number 5 [ 81.320532][ T5800] appleir 0003:05AC:8243.0008: unknown main item tag 0x0 [ 81.326698][ T5800] appleir 0003:05AC:8243.0008: hiddev0,hidraw1: USB HID v0.00 Device [syz] on usb-dummy_hcd.4-1/input0 [ 81.534695][ T5982] Bluetooth: hci3: command tx timeout [ 82.084101][ T5982] Bluetooth: hci1: command tx timeout [ 82.232545][ T7802] netlink: 212376 bytes leftover after parsing attributes in process `syz.2.737'. [ 82.729009][ T7781] Set syz1 is full, maxelem 65536 reached [ 83.416293][ T9] usb 9-1: USB disconnect, device number 2 [ 83.494413][ T24] usb 8-1: new high-speed USB device number 6 using dummy_hcd [ 83.612332][ T7872] trusted_key: syz.1.765 sent an empty control message without MSG_MORE. [ 83.644439][ T24] usb 8-1: Using ep0 maxpacket: 16 [ 83.649861][ T24] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 83.653220][ T24] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 83.656518][ T24] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 83.660759][ T24] usb 8-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00 [ 83.663580][ T24] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 83.668398][ T24] usb 8-1: config 0 descriptor?? [ 83.676608][ T7876] netlink: 'syz.2.768': attribute type 10 has an invalid length. [ 83.683120][ T7876] bond0: (slave bridge_slave_1): Enslaving as an active interface with an up link [ 84.079096][ T24] shield 0003:0955:7214.0009: unknown main item tag 0x0 [ 84.081296][ T24] shield 0003:0955:7214.0009: unknown main item tag 0x0 [ 84.083469][ T24] shield 0003:0955:7214.0009: unknown main item tag 0x0 [ 84.085555][ T7894] netlink: 212376 bytes leftover after parsing attributes in process `syz.4.776'. [ 84.086308][ T24] shield 0003:0955:7214.0009: unknown main item tag 0x0 [ 84.090885][ T24] shield 0003:0955:7214.0009: unknown main item tag 0x0 [ 84.095030][ T24] input: HID 0955:7214 Haptics as /devices/virtual/input/input14 [ 84.109415][ T24] shield 0003:0955:7214.0009: Registered Thunderstrike controller [ 84.112121][ T24] shield 0003:0955:7214.0009: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.3-1/input0 [ 84.119556][ T40] audit: type=1326 audit(1755019658.501:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7897 comm="syz.4.778" exe="/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f16579 code=0x0 [ 84.174282][ T5982] Bluetooth: hci1: command tx timeout [ 84.281089][ T7849] netlink: 'syz.3.756': attribute type 2 has an invalid length. [ 84.283633][ T7849] netlink: 224 bytes leftover after parsing attributes in process `syz.3.756'. [ 84.288856][ T5800] usb 8-1: USB disconnect, device number 6 [ 84.289061][ T6026] shield 0003:0955:7214.0009: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO [ 84.294633][ T6026] shield 0003:0955:7214.0009: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 84.298048][ T6026] shield 0003:0955:7214.0009: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 84.301460][ T6026] shield 0003:0955:7214.0009: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV [ 84.372037][ T7896] syz.2.777 (7896): drop_caches: 2 [ 85.376651][ T7939] netlink: 830 bytes leftover after parsing attributes in process `syz.4.794'. [ 85.640534][ T7907] Set syz1 is full, maxelem 65536 reached [ 85.754114][ T10] usb 9-1: new high-speed USB device number 3 using dummy_hcd [ 85.904243][ T10] usb 9-1: Using ep0 maxpacket: 8 [ 85.907094][ T10] usb 9-1: config index 0 descriptor too short (expected 301, got 45) [ 85.910394][ T10] usb 9-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 85.913480][ T10] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 85.916891][ T10] usb 9-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 85.920483][ T10] usb 9-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 85.925437][ T10] usb 9-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 85.928530][ T10] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 86.141378][ T10] usb 9-1: GET_CAPABILITIES returned 0 [ 86.143173][ T10] usbtmc 9-1:16.0: can't read capabilities [ 86.245077][ T5982] Bluetooth: hci1: command tx timeout [ 86.364405][ T6155] usb 9-1: USB disconnect, device number 3 [ 86.492198][ T7990] syzkaller1: entered promiscuous mode [ 86.493835][ T7992] netlink: 240 bytes leftover after parsing attributes in process `syz.1.815'. [ 86.493979][ T7990] syzkaller1: entered allmulticast mode [ 86.647592][ T8008] unknown channel width for channel at 909000KHz? [ 86.649615][ T8008] unknown channel width for channel at 909000KHz? [ 86.661730][ T8011] netlink: 24 bytes leftover after parsing attributes in process `syz.3.827'. [ 86.838867][ T8023] netlink: 'syz.2.832': attribute type 1 has an invalid length. [ 86.841294][ T8023] netlink: 'syz.2.832': attribute type 4 has an invalid length. [ 86.843621][ T8023] netlink: 9462 bytes leftover after parsing attributes in process `syz.2.832'. [ 87.175701][ T8053] input: syz1 as /devices/virtual/input/input15 [ 87.682604][ T8088] netlink: 4 bytes leftover after parsing attributes in process `syz.3.859'. [ 87.881685][ T8100] IPv4: Oversized IP packet from 127.202.26.0 [ 88.828678][ T8161] overlay: filesystem on ./bus not supported as upperdir [ 88.881219][ T8163] netlink: 'syz.1.892': attribute type 1 has an invalid length. [ 88.929672][ T8168] netlink: 51 bytes leftover after parsing attributes in process `syz.4.894'. [ 88.936812][ T8166] netlink: 28 bytes leftover after parsing attributes in process `syz.2.893'. [ 89.432189][ T8214] tipc: Started in network mode [ 89.433797][ T8214] tipc: Node identity 0658406b827c, cluster identity 4711 [ 89.437067][ T8214] tipc: Enabled bearer , priority 0 [ 89.440848][ T8214] tipc: Disabling bearer [ 89.761213][ T8235] netlink: 4 bytes leftover after parsing attributes in process `syz.3.924'. [ 89.808782][ T8239] nullb0: AHDI p1 [ 89.849712][ T8243] vxcan0: tx address claim with dest, not broadcast [ 90.348045][ T8292] loop7: detected capacity change from 0 to 7 [ 90.396401][ T8297] bridge1: entered allmulticast mode [ 90.402733][ T8300] "syz.1.952" (8300) uses obsolete ecb(arc4) skcipher [ 90.452668][ T8292] Dev loop7: unable to read RDB block 7 [ 90.454710][ T8292] loop7: unable to read partition table [ 90.456474][ C2] invalid error, dev loop7, sector 0 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 2 [ 90.456624][ T8292] loop7: partition table beyond EOD, [ 90.459508][ C2] Buffer I/O error on dev loop7, logical block 0, lost async page write [ 90.460010][ C2] invalid error, dev loop7, sector 0 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 2 [ 90.461261][ T8292] truncated [ 90.463791][ C2] Buffer I/O error on dev loop7, logical block 0, lost async page write [ 90.470503][ T8292] loop_reread_partitions: partition scan of loop7 (Cj̖P=ý?}X %`ր{֐ȵ4FLQk݊) failed (rc=-5) [ 90.781980][ T8322] bridge_slave_0: left allmulticast mode [ 90.783825][ T8322] bridge_slave_0: left promiscuous mode [ 90.785978][ T8322] bridge0: port 1(bridge_slave_0) entered disabled state [ 90.791554][ T8322] bridge_slave_1: left allmulticast mode [ 90.793410][ T8322] bridge_slave_1: left promiscuous mode [ 90.795654][ T8322] bridge0: port 2(bridge_slave_1) entered disabled state [ 90.800517][ T8322] bond0: (slave bond_slave_0): Releasing backup interface [ 90.809346][ T8322] bond0: (slave bond_slave_1): Releasing backup interface [ 90.818348][ T8322] team0: Port device team_slave_0 removed [ 90.825411][ T8322] team0: Port device team_slave_1 removed [ 90.827629][ T8322] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 90.829927][ T8322] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 90.833410][ T8322] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 90.836095][ T8322] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 91.057508][ T8342] input: syz0 as /devices/virtual/input/input16 [ 91.141744][ T8354] loop7: detected capacity change from 0 to 7 [ 91.145175][ C2] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 91.148549][ C2] Buffer I/O error on dev loop7, logical block 0, async page read [ 91.151186][ C3] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 91.154547][ C3] Buffer I/O error on dev loop7, logical block 0, async page read [ 91.157161][ C1] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 91.160053][ C1] Buffer I/O error on dev loop7, logical block 0, async page read [ 91.162647][ C3] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 91.165614][ C3] Buffer I/O error on dev loop7, logical block 0, async page read [ 91.168291][ C2] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 91.171223][ C2] Buffer I/O error on dev loop7, logical block 0, async page read [ 91.174002][ C3] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 91.176960][ C3] Buffer I/O error on dev loop7, logical block 0, async page read [ 91.179667][ C3] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 91.182517][ C3] Buffer I/O error on dev loop7, logical block 0, async page read [ 91.185031][ T8354] ldm_validate_partition_table(): Disk read failed. [ 91.187306][ C3] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 91.190189][ C3] Buffer I/O error on dev loop7, logical block 0, async page read [ 91.193010][ T8354] Dev loop7: unable to read RDB block 0 [ 91.196175][ T8354] loop7: unable to read partition table [ 91.198023][ T8354] loop7: partition table beyond EOD, truncated [ 91.199945][ T8354] loop_reread_partitions: partition scan of loop7 (Cj̖P=ý?}X %`ր{֐ȵ4FLQk݊) failed (rc=-5) [ 91.776175][ T8406] netlink: 'syz.4.998': attribute type 1 has an invalid length. [ 91.788721][ T8406] 8021q: adding VLAN 0 to HW filter on device bond1 [ 91.809363][ T8406] bond1: (slave geneve2): making interface the new active one [ 91.813145][ T8406] bond1: (slave geneve2): Enslaving as an active interface with an up link [ 92.128427][ T8367] overlayfs: statfs failed on './file0' [ 92.223120][ T8440] Invalid ELF header magic: != ELF [ 92.272646][ T8442] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1014'. [ 92.305492][ T8444] syzkaller1: entered promiscuous mode [ 92.307250][ T8444] syzkaller1: entered allmulticast mode [ 92.404127][ T6155] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 92.564134][ T6155] usb 6-1: Using ep0 maxpacket: 16 [ 92.567018][ T6155] usb 6-1: config 0 has an invalid interface number: 8 but max is 0 [ 92.569522][ T6155] usb 6-1: config 0 has no interface number 0 [ 92.571536][ T6155] usb 6-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 92.575096][ T6155] usb 6-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 92.579275][ T6155] usb 6-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 92.582171][ T6155] usb 6-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 92.585869][ T6155] usb 6-1: Product: syz [ 92.587314][ T6155] usb 6-1: SerialNumber: syz [ 92.590170][ T6155] usb 6-1: config 0 descriptor?? [ 92.593568][ T6155] cm109 6-1:0.8: invalid payload size 0, expected 4 [ 92.596685][ T6155] input: CM109 USB driver as /devices/platform/dummy_hcd.1/usb6/6-1/6-1:0.8/input/input17 [ 92.798189][ C1] cm109 6-1:0.8: cm109_urb_ctl_callback: usb_submit_urb (urb_irq) failed -90 [ 92.804257][ T61] usb 7-1: new high-speed USB device number 5 using dummy_hcd [ 92.955824][ T61] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 92.959206][ T61] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 92.962378][ T61] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 92.968102][ T61] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 92.970930][ T61] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 92.974291][ T10] usb 9-1: new high-speed USB device number 4 using dummy_hcd [ 92.974720][ T61] usb 7-1: config 0 descriptor?? [ 93.018743][ C3] cm109 6-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 93.019229][ T6155] usb 6-1: USB disconnect, device number 5 [ 93.020904][ C3] cm109 6-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19 [ 93.027695][ T6155] cm109 6-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19 [ 93.125650][ T10] usb 9-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 93.129193][ T10] usb 9-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 93.132257][ T10] usb 9-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 93.136170][ T10] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 93.140390][ T8457] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22 [ 93.144955][ T10] usb 9-1: Quirk or no altset; falling back to MIDI 1.0 [ 93.348692][ T1458] usb 9-1: USB disconnect, device number 4 [ 93.387838][ T61] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0 [ 93.390263][ T61] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0 [ 93.392631][ T61] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0 [ 93.395308][ T61] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0 [ 93.397616][ T61] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0 [ 93.399930][ T61] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0 [ 93.402333][ T61] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0 [ 93.404704][ T61] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0 [ 93.407111][ T61] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0 [ 93.409372][ T61] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0 [ 93.413515][ T61] plantronics 0003:047F:FFFF.000A: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 93.647498][ T1458] usb 7-1: USB disconnect, device number 5 [ 93.860532][ T8504] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1040'. [ 94.598629][ T8559] netlink: 212376 bytes leftover after parsing attributes in process `syz.4.1067'. [ 95.203099][ T8583] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 95.210880][ T8583] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 95.219166][ T8583] bond0 (unregistering): Released all slaves [ 95.577555][ T8610] all: renamed from bridge_slave_0 (while UP) [ 95.688378][ T8632] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1100'. [ 95.713351][ T8635] syzkaller1: entered promiscuous mode [ 95.716763][ T8635] syzkaller1: entered allmulticast mode [ 95.907643][ T8650] kvm: vcpu 0: requested 128 ns lapic timer period limited to 200000 ns [ 95.910923][ T8650] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 95.961017][ T8657] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1110'. [ 97.017972][ T8700] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1127'. [ 97.025842][ T8700] vxlan0: entered promiscuous mode [ 97.028665][ T12] netdevsim netdevsim2 eth0: set [0, 0] type 1 family 0 port 8472 - 0 [ 97.031160][ T12] netdevsim netdevsim2 eth1: set [0, 0] type 1 family 0 port 8472 - 0 [ 97.033656][ T12] netdevsim netdevsim2 eth2: set [0, 0] type 1 family 0 port 8472 - 0 [ 97.036381][ T12] netdevsim netdevsim2 eth3: set [0, 0] type 1 family 0 port 8472 - 0 [ 97.942675][ T97] netdevsim netdevsim1 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 97.947416][ T97] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 98.004291][ T5982] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 98.047079][ T97] netdevsim netdevsim1 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 98.050302][ T97] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 98.117693][ T97] netdevsim netdevsim1 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 98.120824][ T97] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 98.132248][ T5982] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 98.135694][ T5982] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 98.138544][ T5982] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 98.142390][ T5982] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 98.145292][ T5982] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 98.194299][ T97] netdevsim netdevsim1 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 98.197520][ T97] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 98.295007][ T8730] chnl_net:caif_netlink_parms(): no params data found [ 98.455294][ T97] bridge_slave_1: left allmulticast mode [ 98.457113][ T97] bridge_slave_1: left promiscuous mode [ 98.458909][ T97] bridge0: port 2(bridge_slave_1) entered disabled state [ 98.462702][ T97] bridge_slave_0: left allmulticast mode [ 98.465041][ T97] bridge_slave_0: left promiscuous mode [ 98.466828][ T97] bridge0: port 1(bridge_slave_0) entered disabled state [ 98.907047][ T8730] bridge0: port 1(bridge_slave_0) entered blocking state [ 98.909544][ T8730] bridge0: port 1(bridge_slave_0) entered disabled state [ 98.911869][ T8730] bridge_slave_0: entered allmulticast mode [ 98.914625][ T8730] bridge_slave_0: entered promiscuous mode [ 98.917564][ T8774] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1159'. [ 98.920341][ T8774] netem: change failed [ 98.925836][ T8730] bridge0: port 2(bridge_slave_1) entered blocking state [ 98.928766][ T8730] bridge0: port 2(bridge_slave_1) entered disabled state [ 98.931789][ T8730] bridge_slave_1: entered allmulticast mode [ 98.935669][ T8730] bridge_slave_1: entered promiscuous mode [ 98.978384][ T8730] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 98.983325][ T8730] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 99.039515][ T8730] team0: Port device team_slave_0 added [ 99.042745][ T8730] team0: Port device team_slave_1 added [ 99.073861][ T8730] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 99.078365][ T8730] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 99.086375][ T8730] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 99.090657][ T8730] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 99.092787][ T8730] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 99.106325][ T8730] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 99.168189][ T8730] hsr_slave_0: entered promiscuous mode [ 99.170466][ T8730] hsr_slave_1: entered promiscuous mode [ 99.172472][ T8730] debugfs: 'hsr0' already exists in 'hsr' [ 99.174383][ T8730] Cannot create hsr debugfs directory [ 99.293980][ T97] hsr_slave_0: left promiscuous mode [ 99.296360][ T97] hsr_slave_1: left promiscuous mode [ 99.298346][ T97] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 99.300598][ T97] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 99.303203][ T97] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 99.305571][ T97] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 99.322492][ T97] veth1_macvtap: left promiscuous mode [ 99.324609][ T97] veth0_macvtap: left promiscuous mode [ 99.569745][ T8816] binder: 8815:8816 ioctl c0306201 800003c0 returned -14 [ 99.597827][ T8819] netlink: 212376 bytes leftover after parsing attributes in process `syz.2.1178'. [ 99.759610][ T97] team0 (unregistering): Port device team_slave_1 removed [ 99.824552][ T97] team0 (unregistering): Port device team_slave_0 removed [ 100.166913][ T5339] Bluetooth: hci0: command tx timeout [ 100.306626][ T8730] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 100.311889][ T8730] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 100.325787][ T8730] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 100.333916][ T8730] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 100.365685][ T8836] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 100.385498][ T8730] 8021q: adding VLAN 0 to HW filter on device bond0 [ 100.394367][ T8730] 8021q: adding VLAN 0 to HW filter on device team0 [ 100.400107][ T46] bridge0: port 1(bridge_slave_0) entered blocking state [ 100.402345][ T46] bridge0: port 1(bridge_slave_0) entered forwarding state [ 100.417008][ T1177] bridge0: port 2(bridge_slave_1) entered blocking state [ 100.419183][ T1177] bridge0: port 2(bridge_slave_1) entered forwarding state [ 100.445410][ T8730] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 100.534201][ T8730] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 100.675773][ T8730] veth0_vlan: entered promiscuous mode [ 100.681987][ T8730] veth1_vlan: entered promiscuous mode [ 100.702695][ T8730] veth0_macvtap: entered promiscuous mode [ 100.708913][ T8730] veth1_macvtap: entered promiscuous mode [ 100.721291][ T8730] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 100.729729][ T8730] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 100.735918][ T46] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.739188][ T46] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.743097][ T46] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.746520][ T46] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 100.786866][ T1139] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.789266][ T1139] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.812582][ T46] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.815126][ T46] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.963706][ T8881] "syz.3.1196" (8881) uses obsolete ecb(arc4) skcipher [ 100.996352][ T840] usb 9-1: new high-speed USB device number 5 using dummy_hcd [ 101.104164][ T5800] psmouse serio5: Failed to reset mouse on : -5 [ 101.155492][ T840] usb 9-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 101.159043][ T840] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 101.162309][ T840] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 101.165854][ T840] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 101.170464][ T840] usb 9-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 101.173156][ T840] usb 9-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 101.175715][ T840] usb 9-1: Manufacturer: syz [ 101.178225][ T840] usb 9-1: config 0 descriptor?? [ 101.589423][ T840] hid_parser_main: 5 callbacks suppressed [ 101.589437][ T840] appleir 0003:05AC:8243.000B: unknown main item tag 0x0 [ 101.596088][ T840] appleir 0003:05AC:8243.000B: hiddev0,hidraw1: USB HID v0.00 Device [syz] on usb-dummy_hcd.4-1/input0 [ 101.672225][ T8899] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 101.851105][ T6155] usb 9-1: USB disconnect, device number 5 [ 102.244235][ T5339] Bluetooth: hci0: command tx timeout [ 102.324528][ T1139] wlan1: Trigger new scan to find an IBSS to join [ 102.390820][ T8917] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(3) [ 102.392853][ T8917] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 102.396015][ T8917] vhci_hcd vhci_hcd.0: Device attached [ 102.624284][ T7509] usb 8-1: new high-speed USB device number 7 using dummy_hcd [ 102.634267][ T6155] usb 45-1: new low-speed USB device number 2 using vhci_hcd [ 102.637190][ T53] usb 9-1: new high-speed USB device number 6 using dummy_hcd [ 102.775430][ T7509] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 102.778635][ T7509] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 102.781519][ T7509] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 102.785593][ T7509] usb 8-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 102.788415][ T7509] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 102.792156][ T7509] usb 8-1: config 0 descriptor?? [ 102.794243][ T53] usb 9-1: Using ep0 maxpacket: 16 [ 102.798527][ T53] usb 9-1: config 0 has no interfaces? [ 102.800843][ T53] usb 9-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00 [ 102.804441][ T53] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 102.807970][ T53] usb 9-1: config 0 descriptor?? [ 103.013893][ T8919] usb 45-1: recv xbuf, 0 [ 103.015871][ T1139] vhci_hcd: stop threads [ 103.016696][ T1458] usb 9-1: USB disconnect, device number 6 [ 103.017316][ T1139] vhci_hcd: release socket [ 103.020951][ T1139] vhci_hcd: disconnect device [ 103.084205][ T6155] vhci_hcd: vhci_device speed not set [ 103.203711][ T7509] plantronics 0003:047F:FFFF.000C: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 103.456835][ T840] usb 8-1: USB disconnect, device number 7 [ 103.740515][ T1458] libceph: connect (1)[c::]:6789 error -101 [ 103.742419][ T1458] libceph: mon0 (1)[c::]:6789 connect error [ 103.792136][ T7509] libceph: connect (1)[b::]:6789 error -101 [ 103.794217][ T7509] libceph: mon0 (1)[b::]:6789 connect error [ 104.004370][ T1458] libceph: connect (1)[c::]:6789 error -101 [ 104.006378][ T1458] libceph: mon0 (1)[c::]:6789 connect error [ 104.054349][ T7509] libceph: connect (1)[b::]:6789 error -101 [ 104.056333][ T7509] libceph: mon0 (1)[b::]:6789 connect error [ 104.324163][ T5339] Bluetooth: hci0: command tx timeout [ 104.484228][ T7509] usb 9-1: new high-speed USB device number 7 using dummy_hcd [ 104.514292][ T1327] libceph: connect (1)[c::]:6789 error -101 [ 104.516345][ T1327] libceph: mon0 (1)[c::]:6789 connect error [ 104.564469][ T10] libceph: connect (1)[b::]:6789 error -101 [ 104.566507][ T10] libceph: mon0 (1)[b::]:6789 connect error [ 104.571881][ T8941] ceph: No mds server is up or the cluster is laggy [ 104.571902][ T8946] ceph: No mds server is up or the cluster is laggy [ 104.644130][ T7509] usb 9-1: Using ep0 maxpacket: 16 [ 104.647148][ T7509] usb 9-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config [ 104.650548][ T7509] usb 9-1: config 7 interface 0 altsetting 5 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 104.653898][ T7509] usb 9-1: config 7 interface 0 altsetting 5 endpoint 0x81 has invalid wMaxPacketSize 0 [ 104.657167][ T7509] usb 9-1: config 7 interface 0 altsetting 5 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 104.661225][ T7509] usb 9-1: config 7 interface 0 has no altsetting 0 [ 104.663315][ T7509] usb 9-1: New USB device found, idVendor=0458, idProduct=5010, bcdDevice= 0.00 [ 104.666254][ T7509] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 104.678325][ T7509] usb 9-1: can't set config #7, error -71 [ 104.681546][ T7509] usb 9-1: USB disconnect, device number 7 [ 104.921008][ T5800] misc userio: Buffer overflowed, userio client isn't keeping up [ 104.976426][ T8998] netlink: 212376 bytes leftover after parsing attributes in process `syz.3.1246'. [ 105.174135][ T6026] usb 7-1: new high-speed USB device number 6 using dummy_hcd [ 105.325272][ T6026] usb 7-1: Using ep0 maxpacket: 16 [ 105.326559][ T6026] usb 7-1: config 0 has an invalid interface number: 8 but max is 0 [ 105.326574][ T6026] usb 7-1: config 0 has no interface number 0 [ 105.326593][ T6026] usb 7-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 105.326606][ T6026] usb 7-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 105.327698][ T6026] usb 7-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 105.343091][ T6026] usb 7-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 105.343104][ T6026] usb 7-1: Product: syz [ 105.343112][ T6026] usb 7-1: SerialNumber: syz [ 105.344284][ T6026] usb 7-1: config 0 descriptor?? [ 105.351573][ T6026] cm109 7-1:0.8: invalid payload size 0, expected 4 [ 105.354659][ T6026] input: CM109 USB driver as /devices/platform/dummy_hcd.2/usb7/7-1/7-1:0.8/input/input19 [ 105.786431][ C2] cm109 7-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 105.786511][ T1327] usb 7-1: USB disconnect, device number 6 [ 105.788594][ C2] cm109 7-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19 [ 105.797166][ T1327] cm109 7-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19 [ 105.995099][ T5800] input: PS/2 Generic Mouse as /devices/serio5/input/input18 [ 106.034169][ T10] usb 9-1: new high-speed USB device number 8 using dummy_hcd [ 106.187708][ T10] usb 9-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 106.190898][ T10] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 106.193426][ T10] usb 9-1: Product: syz [ 106.194917][ T10] usb 9-1: Manufacturer: syz [ 106.196408][ T10] usb 9-1: SerialNumber: syz [ 106.199219][ T10] usb 9-1: config 0 descriptor?? [ 106.214190][ T5800] psmouse serio5: Failed to enable mouse on [ 106.411356][ T840] usb 9-1: USB disconnect, device number 8 [ 106.414284][ T5339] Bluetooth: hci0: command tx timeout [ 106.494504][ T1458] usb 10-1: new high-speed USB device number 2 using dummy_hcd [ 106.674115][ T1458] usb 10-1: Using ep0 maxpacket: 16 [ 106.677009][ T1458] usb 10-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config [ 106.680197][ T1458] usb 10-1: config 7 interface 0 altsetting 5 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 106.683568][ T1458] usb 10-1: config 7 interface 0 altsetting 5 endpoint 0x81 has invalid wMaxPacketSize 0 [ 106.686689][ T1458] usb 10-1: config 7 interface 0 altsetting 5 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 106.690734][ T1458] usb 10-1: config 7 interface 0 has no altsetting 0 [ 106.692844][ T1458] usb 10-1: New USB device found, idVendor=0458, idProduct=5010, bcdDevice= 0.00 [ 106.695780][ T1458] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 106.864277][ T5800] usb 8-1: new high-speed USB device number 8 using dummy_hcd [ 107.014305][ T5800] usb 8-1: Using ep0 maxpacket: 16 [ 107.017289][ T5800] usb 8-1: config 0 has an invalid interface number: 8 but max is 0 [ 107.019788][ T5800] usb 8-1: config 0 has no interface number 0 [ 107.021699][ T5800] usb 8-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 107.025115][ T5800] usb 8-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 107.029327][ T5800] usb 8-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 107.032145][ T5800] usb 8-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 107.034726][ T5800] usb 8-1: Product: syz [ 107.036052][ T5800] usb 8-1: SerialNumber: syz [ 107.038587][ T5800] usb 8-1: config 0 descriptor?? [ 107.041794][ T5800] cm109 8-1:0.8: invalid payload size 0, expected 4 [ 107.044890][ T5800] input: CM109 USB driver as /devices/platform/dummy_hcd.3/usb8/8-1/8-1:0.8/input/input20 [ 107.113314][ T1458] input: HID 0458:5010 as /devices/platform/dummy_hcd.5/usb10/10-1/10-1:7.0/0003:0458:5010.000D/input/input21 [ 107.119859][ T1458] kye 0003:0458:5010.000D: input,hiddev0,hidraw1: USB HID v2.00 Device [HID 0458:5010] on usb-dummy_hcd.5-1/input0 [ 107.247014][ C1] cm109 8-1:0.8: cm109_urb_ctl_callback: usb_submit_urb (urb_irq) failed -90 [ 107.277581][ T9066] Bluetooth: MGMT ver 1.23 [ 107.296941][ T13] wlan1: Trigger new scan to find an IBSS to join [ 107.451836][ T9074] netlink: 212376 bytes leftover after parsing attributes in process `syz.2.1288'. [ 107.482586][ C3] cm109 8-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 107.482954][ T5800] usb 8-1: USB disconnect, device number 8 [ 107.484790][ C3] cm109 8-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19 [ 107.485047][ T1327] delete_channel: no stack [ 107.493284][ T5800] cm109 8-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19 [ 107.520523][ T9081] netlink: 'syz.4.1282': attribute type 10 has an invalid length. [ 107.529568][ T9081] bond0: (slave bridge_slave_1): Enslaving as an active interface with an up link [ 107.916327][ T9099] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 108.025124][ T9099] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 108.106177][ T9099] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 108.164894][ C3] kye 0003:0458:5010.000D: usb_submit_urb(ctrl) failed: -1 [ 108.173630][ T9099] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 108.204731][ T97] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 108.233847][ T97] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.243870][ T97] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.257526][ T97] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.265267][ T97] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 108.317587][ T6026] usb 7-1: new high-speed USB device number 7 using dummy_hcd [ 108.333263][ T9105] wireguard0: entered promiscuous mode [ 108.335226][ T9105] wireguard0: entered allmulticast mode [ 108.338980][ T1327] delete_channel: no stack [ 108.472886][ T6026] usb 7-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 108.476096][ T6026] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 108.478632][ T6026] usb 7-1: Product: syz [ 108.480073][ T6026] usb 7-1: Manufacturer: syz [ 108.481548][ T6026] usb 7-1: SerialNumber: syz [ 108.484516][ T6026] usb 7-1: config 0 descriptor?? [ 108.697770][ T6026] usb 7-1: USB disconnect, device number 7 [ 108.706178][ T1327] hid-generic 0000:0D17:0000.000E: unknown main item tag 0x0 [ 108.708628][ T1327] hid-generic 0000:0D17:0000.000E: unknown main item tag 0x0 [ 108.713573][ T1327] hid-generic 0000:0D17:0000.000E: hidraw2: HID v0.00 Device [syz0] on syz1 [ 108.739950][ T9118] "syz.5.1297" (9118) uses obsolete ecb(arc4) skcipher [ 108.954895][ T7509] usb 10-1: USB disconnect, device number 2 [ 109.648423][ T9135] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 109.655333][ T10] psmouse serio6: Failed to reset mouse on : -5 [ 109.740542][ T9142] netlink: 830 bytes leftover after parsing attributes in process `syz.5.1308'. [ 109.774417][ T9135] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 109.825754][ T9135] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 109.889125][ T9135] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 109.982878][ T13] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 109.994267][ T97] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.006595][ T97] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.017949][ T97] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 110.354234][ T5800] usb 8-1: new high-speed USB device number 9 using dummy_hcd [ 110.515491][ T5800] usb 8-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 110.519014][ T5800] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 110.522482][ T5800] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 110.525714][ T5800] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 110.531889][ T5800] usb 8-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 110.534860][ T5800] usb 8-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 110.537523][ T5800] usb 8-1: Manufacturer: syz [ 110.540812][ T5800] usb 8-1: config 0 descriptor?? [ 110.634528][ T1458] hid-generic 0000:0D17:0000.000F: unknown main item tag 0x0 [ 110.636921][ T1458] hid-generic 0000:0D17:0000.000F: unknown main item tag 0x0 [ 110.640027][ T1458] hid-generic 0000:0D17:0000.000F: hidraw1: HID v0.00 Device [syz0] on syz1 [ 110.953071][ T5800] appleir 0003:05AC:8243.0010: unknown main item tag 0x0 [ 110.957224][ T5800] appleir 0003:05AC:8243.0010: hiddev0,hidraw1: USB HID v0.00 Device [syz] on usb-dummy_hcd.3-1/input0 [ 111.207444][ T6026] usb 8-1: USB disconnect, device number 9 [ 111.589919][ T9182] cgroup: fork rejected by pids controller in /syz4 [ 111.814171][ T6155] usb 10-1: new high-speed USB device number 3 using dummy_hcd [ 111.965554][ T6155] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 111.969094][ T6155] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 111.972201][ T6155] usb 10-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 111.976405][ T6155] usb 10-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 111.979272][ T6155] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 111.982963][ T6155] usb 10-1: config 0 descriptor?? [ 112.393691][ T6155] plantronics 0003:047F:FFFF.0011: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0 [ 112.641989][ T13] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 112.657218][ T9] usb 10-1: USB disconnect, device number 3 [ 112.699387][ T13] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 112.770087][ T13] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 112.822655][ T5982] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 112.826344][ T5982] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 112.829411][ T5982] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 112.833525][ T5982] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 112.838909][ T5982] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 112.843387][ T13] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 112.947502][ T9189] chnl_net:caif_netlink_parms(): no params data found [ 113.096924][ T13] bond1 (unregistering): (slave geneve2): Releasing active interface [ 113.330489][ T13] bond0 (unregistering): (slave bridge_slave_1): Releasing backup interface [ 113.334258][ T13] bond0 (unregistering): Released all slaves [ 113.396294][ T13] bond1 (unregistering): Released all slaves [ 113.442444][ T9199] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 113.451958][ T9189] bridge0: port 1(bridge_slave_0) entered blocking state [ 113.454451][ T9189] bridge0: port 1(bridge_slave_0) entered disabled state [ 113.456724][ T9189] bridge_slave_0: entered allmulticast mode [ 113.459442][ T9189] bridge_slave_0: entered promiscuous mode [ 113.462534][ T9189] bridge0: port 2(bridge_slave_1) entered blocking state [ 113.464885][ T9189] bridge0: port 2(bridge_slave_1) entered disabled state [ 113.467127][ T9189] bridge_slave_1: entered allmulticast mode [ 113.469711][ T9189] bridge_slave_1: entered promiscuous mode [ 113.485725][ T10] misc userio: Buffer overflowed, userio client isn't keeping up [ 113.490221][ T13] tipc: Left network mode [ 113.521729][ T9189] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 113.527716][ T9189] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 113.539308][ T9199] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 113.573762][ T9189] team0: Port device team_slave_0 added [ 113.578460][ T9189] team0: Port device team_slave_1 added [ 113.621179][ T9189] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 113.624259][ T9189] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 113.634461][ T9189] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 113.647633][ T9199] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 113.659395][ T9189] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 113.662150][ T9189] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 113.670168][ T9189] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 113.686334][ T13] hsr_slave_0: left promiscuous mode [ 113.688411][ T13] hsr_slave_1: left promiscuous mode [ 113.702121][ T13] veth1_macvtap: left promiscuous mode [ 113.703956][ T13] veth0_macvtap: left promiscuous mode [ 113.705933][ T13] veth1_vlan: left promiscuous mode [ 113.708801][ T13] veth0_vlan: left promiscuous mode [ 114.549634][ T10] input: PS/2 Generic Mouse as /devices/serio6/input/input22 [ 114.678688][ T9199] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 114.713322][ T9189] hsr_slave_0: entered promiscuous mode [ 114.715674][ T9189] hsr_slave_1: entered promiscuous mode [ 114.764103][ T10] psmouse serio6: Failed to enable mouse on [ 114.844328][ T12] netdevsim netdevsim5 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 114.865242][ T1139] netdevsim netdevsim5 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 114.881249][ T1139] netdevsim netdevsim5 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 114.884264][ T46] netdevsim netdevsim5 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 114.884723][ T5982] Bluetooth: hci3: command tx timeout [ 115.154123][ T10] usb 10-1: new high-speed USB device number 4 using dummy_hcd [ 115.267276][ T9189] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 115.272386][ T9189] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 115.276570][ T9189] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 115.280643][ T9189] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 115.306741][ T10] usb 10-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 115.314136][ T10] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 115.317546][ T10] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 115.320565][ T10] usb 10-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 115.326465][ T10] usb 10-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 115.329279][ T10] usb 10-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 115.331811][ T10] usb 10-1: Manufacturer: syz [ 115.334463][ T10] usb 10-1: config 0 descriptor?? [ 115.341714][ T9189] 8021q: adding VLAN 0 to HW filter on device bond0 [ 115.355643][ T9189] 8021q: adding VLAN 0 to HW filter on device team0 [ 115.360553][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 115.362821][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 115.368876][ T1139] bridge0: port 2(bridge_slave_1) entered blocking state [ 115.371182][ T1139] bridge0: port 2(bridge_slave_1) entered forwarding state [ 115.492431][ T9189] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 115.617775][ T9189] veth0_vlan: entered promiscuous mode [ 115.622453][ T9189] veth1_vlan: entered promiscuous mode [ 115.637274][ T9189] veth0_macvtap: entered promiscuous mode [ 115.641081][ T9189] veth1_macvtap: entered promiscuous mode [ 115.652781][ T9189] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 115.660633][ T9189] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 115.669029][ T1177] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 115.671829][ T1177] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 115.676385][ T1177] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 115.679260][ T1177] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 115.718950][ T1177] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 115.721466][ T1177] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 115.735687][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 115.738237][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 115.744942][ T10] appleir 0003:05AC:8243.0012: unknown main item tag 0x0 [ 115.748837][ T10] appleir 0003:05AC:8243.0012: hiddev0,hidraw1: USB HID v0.00 Device [syz] on usb-dummy_hcd.5-1/input0 [ 115.868572][ T9233] netlink: 'syz.3.1338': attribute type 1 has an invalid length. [ 115.871064][ T9233] netlink: 'syz.3.1338': attribute type 4 has an invalid length. [ 115.873551][ T9233] netlink: 9462 bytes leftover after parsing attributes in process `syz.3.1338'. [ 115.912319][ T9238] netlink: 'syz.3.1341': attribute type 10 has an invalid length. [ 115.918540][ T9238] bridge0: port 2(bridge_slave_1) entered disabled state [ 115.922398][ T9238] bridge_slave_1: left allmulticast mode [ 115.925060][ T9238] bridge_slave_1: left promiscuous mode [ 115.927727][ T9238] bridge0: port 2(bridge_slave_1) entered disabled state [ 115.935989][ T9238] bond0: (slave bridge_slave_1): Enslaving as an active interface with an up link [ 116.009220][ T1472] usb 10-1: USB disconnect, device number 4 [ 116.964238][ T5982] Bluetooth: hci3: command tx timeout [ 117.554951][ T9270] netlink: 'syz.5.1351': attribute type 10 has an invalid length. [ 117.559626][ T9270] bridge0: port 2(bridge_slave_1) entered disabled state [ 117.562356][ T9270] bridge_slave_1: left allmulticast mode [ 117.565550][ T9270] bridge_slave_1: left promiscuous mode [ 117.567611][ T9270] bridge0: port 2(bridge_slave_1) entered disabled state [ 117.575089][ T9270] bond0: (slave bridge_slave_1): Enslaving as an active interface with an up link [ 119.044185][ T5982] Bluetooth: hci3: command tx timeout [ 120.231830][ T9381] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1398'. [ 120.256087][ T1472] usb 9-1: new high-speed USB device number 9 using dummy_hcd [ 120.407814][ T1472] usb 9-1: config index 0 descriptor too short (expected 45, got 36) [ 120.411843][ T1472] usb 9-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 120.416782][ T1472] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 120.421219][ T1472] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 120.425275][ T1472] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 120.430588][ T1472] usb 9-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 120.434458][ T1472] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 120.439644][ T1472] usb 9-1: config 0 descriptor?? [ 120.442550][ T9368] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 120.853568][ T1472] plantronics 0003:047F:FFFF.0013: reserved main item tag 0xd [ 120.859643][ T1472] plantronics 0003:047F:FFFF.0013: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 121.118011][ T1472] usb 9-1: USB disconnect, device number 9 [ 121.125242][ T5982] Bluetooth: hci3: command tx timeout [ 121.744069][ T9400] netlink: 56 bytes leftover after parsing attributes in process `syz.4.1408'. [ 121.988706][ T9407] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1410'. [ 122.069076][ T9409] bond0 (unregistering): (slave bridge_slave_1): Releasing backup interface [ 122.077562][ T9409] bond0 (unregistering): Released all slaves [ 122.341083][ T9435] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1423'. [ 122.608734][ T9452] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 122.616518][ T9452] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 122.620945][ T9452] bond0 (unregistering): (slave bridge_slave_1): Releasing backup interface [ 122.625077][ T9452] bond0 (unregistering): Released all slaves [ 122.663392][ T9454] loop7: detected capacity change from 0 to 7 [ 122.745820][ T9463] netlink: 'syz.4.1434': attribute type 2 has an invalid length. [ 122.748266][ T9463] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1434'. [ 122.867513][ T9464] support for the xor transformation has been removed. [ 122.867514][ T9454] Dev loop7: unable to read RDB block 7 [ 122.867538][ T9454] loop7: unable to read partition table [ 122.870915][ C0] blk_print_req_error: 8 callbacks suppressed [ 122.870925][ C0] invalid error, dev loop7, sector 0 op 0x1:(WRITE) flags 0x800 phys_seg 1 prio class 2 [ 122.871853][ T9454] loop7: partition table beyond EOD, [ 122.873466][ C0] buffer_io_error: 7 callbacks suppressed [ 122.873474][ C0] Buffer I/O error on dev loop7, logical block 0, lost async page write [ 122.885637][ T9454] truncated [ 122.886678][ T9454] loop_reread_partitions: partition scan of loop7 (Cj̖P=ý?}X %`ր{֐ȵ4FLQk݊) failed (rc=-5) [ 123.199795][ T9483] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 123.205604][ T9483] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 123.209430][ T9483] bond0 (unregistering): Released all slaves [ 123.548094][ T9505] syzkaller1: entered promiscuous mode [ 123.549930][ T9505] syzkaller1: entered allmulticast mode [ 124.544106][ T1458] usb 7-1: new high-speed USB device number 8 using dummy_hcd [ 124.705404][ T1458] usb 7-1: config index 0 descriptor too short (expected 45, got 36) [ 124.708286][ T1458] usb 7-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 124.712169][ T1458] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 124.715982][ T1458] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 124.719524][ T1458] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 124.723674][ T1458] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 124.727030][ T1458] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 124.730938][ T1458] usb 7-1: config 0 descriptor?? [ 124.733314][ T9541] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 125.142884][ T1458] plantronics 0003:047F:FFFF.0014: reserved main item tag 0xd [ 125.148179][ T1458] plantronics 0003:047F:FFFF.0014: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 125.155043][ T40] audit: type=1326 audit(1755019699.541:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9542 comm="syz.3.1468" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f55579 code=0x7fc00000 [ 125.183203][ T9584] bridge_slave_0: left allmulticast mode [ 125.185177][ T9584] bridge_slave_0: left promiscuous mode [ 125.187460][ T9584] bridge0: port 1(bridge_slave_0) entered disabled state [ 125.196664][ T9584] team0: Port device team_slave_0 removed [ 125.200959][ T9584] team0: Port device team_slave_1 removed [ 125.202576][ T9586] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1486'. [ 125.203117][ T9584] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 125.207927][ T9584] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 125.210871][ T9584] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 125.213160][ T9584] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 125.396394][ T10] usb 7-1: USB disconnect, device number 8 [ 125.932712][ T9614] bridge_slave_0: left allmulticast mode [ 125.935358][ T9614] bridge_slave_0: left promiscuous mode [ 125.937582][ T9614] bridge0: port 1(bridge_slave_0) entered disabled state [ 125.942450][ T9614] bond0: (slave bridge_slave_1): Releasing backup interface [ 125.947601][ T9614] bond0: (slave bond_slave_0): Releasing backup interface [ 125.951784][ T9614] bond0: (slave bond_slave_1): Releasing backup interface [ 125.959896][ T9614] team0: Port device team_slave_0 removed [ 125.964617][ T9614] team0: Port device team_slave_1 removed [ 125.966827][ T9614] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 125.969134][ T9614] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 125.972201][ T9614] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 125.974837][ T9614] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 126.292443][ T40] audit: type=1326 audit(1755019700.671:89): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9599 comm="syz.4.1493" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fe1579 code=0x7fc00000 [ 126.566776][ T9662] input: syz0 as /devices/virtual/input/input25 [ 127.224292][ T2299] usb 8-1: new high-speed USB device number 10 using dummy_hcd [ 127.375878][ T2299] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 127.379292][ T2299] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 127.382381][ T2299] usb 8-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 127.386542][ T2299] usb 8-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 127.389309][ T2299] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 127.393081][ T2299] usb 8-1: config 0 descriptor?? [ 127.806559][ T2299] plantronics 0003:047F:FFFF.0015: unknown main item tag 0x0 [ 127.809031][ T2299] plantronics 0003:047F:FFFF.0015: unknown main item tag 0x0 [ 127.812258][ T2299] plantronics 0003:047F:FFFF.0015: unknown main item tag 0x0 [ 127.815872][ T2299] plantronics 0003:047F:FFFF.0015: unknown main item tag 0x0 [ 127.818306][ T2299] plantronics 0003:047F:FFFF.0015: unknown main item tag 0x0 [ 127.820726][ T2299] plantronics 0003:047F:FFFF.0015: unknown main item tag 0x0 [ 127.823138][ T2299] plantronics 0003:047F:FFFF.0015: unknown main item tag 0x0 [ 127.825962][ T2299] plantronics 0003:047F:FFFF.0015: unknown main item tag 0x0 [ 127.828325][ T2299] plantronics 0003:047F:FFFF.0015: unknown main item tag 0x0 [ 127.830743][ T2299] plantronics 0003:047F:FFFF.0015: unknown main item tag 0x0 [ 127.837788][ T2299] plantronics 0003:047F:FFFF.0015: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 128.075654][ T2299] usb 8-1: USB disconnect, device number 10 [ 128.682873][ T9728] ALSA: seq fatal error: cannot create timer (-16) [ 129.157585][ T9755] netlink: 'syz.3.1573': attribute type 1 has an invalid length. [ 129.172770][ T9755] 8021q: adding VLAN 0 to HW filter on device bond0 [ 129.189873][ T1177] wlan1: Selected IBSS BSSID 50:50:50:50:50:50 based on configured SSID [ 129.196337][ T9755] bond0: (slave geneve2): making interface the new active one [ 129.199343][ T9755] bond0: (slave geneve2): Enslaving as an active interface with an up link [ 129.284225][ T1327] usb 10-1: new high-speed USB device number 5 using dummy_hcd [ 129.364158][ T1177] wlan1: Trigger new scan to find an IBSS to join [ 129.436231][ T1327] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 129.439710][ T1327] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 129.442788][ T1327] usb 10-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 129.446873][ T1327] usb 10-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 129.449887][ T1327] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 129.453890][ T1327] usb 10-1: config 0 descriptor?? [ 129.764332][ C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 129.870263][ T1327] plantronics 0003:047F:FFFF.0016: hiddev0,hidraw1: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0 [ 130.126662][ T1327] usb 10-1: USB disconnect, device number 5 [ 130.219945][ T60] wlan1: Selected IBSS BSSID 50:50:50:50:50:50 based on configured SSID [ 130.324259][ T60] wlan1: Trigger new scan to find an IBSS to join [ 130.649754][ T9787] netlink: 'syz.2.1579': attribute type 1 has an invalid length. [ 130.660474][ T9787] 8021q: adding VLAN 0 to HW filter on device bond0 [ 130.679302][ T9787] bond0: (slave geneve2): making interface the new active one [ 130.682218][ T9787] bond0: (slave geneve2): Enslaving as an active interface with an up link [ 131.364180][ T46] wlan1: Trigger new scan to find an IBSS to join [ 131.697092][ T9830] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1594'. [ 131.844402][ T9834] netlink: 'syz.5.1595': attribute type 1 has an invalid length. [ 131.856864][ T9834] 8021q: adding VLAN 0 to HW filter on device bond1 [ 131.875842][ T9834] bond1: (slave geneve2): making interface the new active one [ 131.879229][ T9834] bond1: (slave geneve2): Enslaving as an active interface with an up link [ 131.973147][ T9849] [ 131.973992][ T9849] ===================================================== [ 131.976151][ T9849] WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected [ 131.978457][ T9849] 6.17.0-rc1-syzkaller-00014-g0e39a731820a #0 Not tainted [ 131.981250][ T9849] ----------------------------------------------------- [ 131.984077][ T9849] syz.4.1604/9849 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: [ 131.986473][ T9849] ffff88807724a0c0 (&new->fa_lock){....}-{3:3}, at: kill_fasync+0x138/0x510 [ 131.989184][ T9849] [ 131.989184][ T9849] and this task is already holding: [ 131.991502][ T9849] ffff88805e0cd028 (&client->buffer_lock){....}-{3:3}, at: evdev_pass_values+0x10e/0x9b0 [ 131.994477][ T9849] which would create a new lock dependency: [ 131.996360][ T9849] (&client->buffer_lock){....}-{3:3} -> (&new->fa_lock){....}-{3:3} [ 131.998840][ T9849] [ 131.998840][ T9849] but this new dependency connects a SOFTIRQ-irq-safe lock: [ 132.001746][ T9849] (&dev->event_lock#2){..-.}-{3:3} [ 132.001767][ T9849] [ 132.001767][ T9849] ... which became SOFTIRQ-irq-safe at: [ 132.005744][ T9849] lock_acquire+0x179/0x350 [ 132.007198][ T9849] _raw_spin_lock_irqsave+0x3a/0x60 [ 132.008850][ T9849] input_inject_event+0x9f/0x3b0 [ 132.010439][ T9849] kd_sound_helper+0x17a/0x280 [ 132.011979][ T9849] input_handler_for_each_handle+0xd7/0x250 [ 132.013868][ T9849] call_timer_fn+0x19a/0x620 [ 132.015366][ T9849] __run_timers+0x6ef/0x960 [ 132.016836][ T9849] run_timer_base+0x114/0x190 [ 132.018357][ T9849] run_timer_softirq+0x1a/0x40 [ 132.019899][ T9849] handle_softirqs+0x219/0x8e0 [ 132.021440][ T9849] __irq_exit_rcu+0x109/0x170 [ 132.022960][ T9849] irq_exit_rcu+0x9/0x30 [ 132.024336][ T9849] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 132.026162][ T9849] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 132.028084][ T9849] lock_acquire+0x62/0x350 [ 132.029531][ T9849] unwind_next_frame+0xd1/0x20a0 [ 132.031135][ T9849] arch_stack_walk+0x94/0x100 [ 132.032654][ T9849] stack_trace_save+0x8e/0xc0 [ 132.034181][ T9849] kasan_save_stack+0x33/0x60 [ 132.035715][ T9849] kasan_save_track+0x14/0x30 [ 132.037233][ T9849] __kasan_kmalloc+0xaa/0xb0 [ 132.038730][ T9849] __kmalloc_noprof+0x223/0x510 [ 132.040294][ T9849] lsm_blob_alloc+0x68/0x90 [ 132.041771][ T9849] security_sk_alloc+0x30/0x270 [ 132.043338][ T9849] sk_prot_alloc+0xfb/0x2a0 [ 132.044834][ T9849] sk_alloc+0x36/0xc20 [ 132.046165][ T9849] inet_create+0x3a1/0x1040 [ 132.047632][ T9849] __sock_create+0x335/0x8d0 [ 132.049126][ T9849] __sys_socket+0x14d/0x260 [ 132.050611][ T9849] __ia32_compat_sys_socketcall+0x5ca/0x770 [ 132.052507][ T9849] __do_fast_syscall_32+0x7c/0x3a0 [ 132.054154][ T9849] do_fast_syscall_32+0x32/0x80 [ 132.055735][ T9849] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 132.057759][ T9849] [ 132.057759][ T9849] to a SOFTIRQ-irq-unsafe lock: [ 132.059930][ T9849] (tasklist_lock){.+.+}-{3:3} [ 132.059946][ T9849] [ 132.059946][ T9849] ... which became SOFTIRQ-irq-unsafe at: [ 132.063891][ T9849] ... [ 132.063896][ T9849] lock_acquire+0x179/0x350 [ 132.066222][ T9849] _raw_read_lock+0x5f/0x70 [ 132.067658][ T9849] __do_wait+0x105/0x890 [ 132.069021][ T9849] do_wait+0x21e/0x5a0 [ 132.070352][ T9849] kernel_wait+0x9f/0x160 [ 132.071780][ T9849] call_usermodehelper_exec_work+0xf1/0x170 [ 132.073663][ T9849] process_one_work+0x9cc/0x1b70 [ 132.075304][ T9849] worker_thread+0x6c8/0xf10 [ 132.076796][ T9849] kthread+0x3c5/0x780 [ 132.078139][ T9849] ret_from_fork+0x5d4/0x6f0 [ 132.079637][ T9849] ret_from_fork_asm+0x1a/0x30 [ 132.081177][ T9849] [ 132.081177][ T9849] other info that might help us debug this: [ 132.081177][ T9849] [ 132.084335][ T9849] Chain exists of: [ 132.084335][ T9849] &dev->event_lock#2 --> &client->buffer_lock --> tasklist_lock [ 132.084335][ T9849] [ 132.088511][ T9849] Possible interrupt unsafe locking scenario: [ 132.088511][ T9849] [ 132.091095][ T9849] CPU0 CPU1 [ 132.092777][ T9849] ---- ---- [ 132.094432][ T9849] lock(tasklist_lock); [ 132.095739][ T9849] local_irq_disable(); [ 132.097777][ T9849] lock(&dev->event_lock#2); [ 132.099964][ T9849] lock(&client->buffer_lock); [ 132.102212][ T9849] [ 132.103302][ T9849] lock(&dev->event_lock#2); [ 132.104845][ T9849] [ 132.104845][ T9849] *** DEADLOCK *** [ 132.104845][ T9849] [ 132.107287][ T9849] 7 locks held by syz.4.1604/9849: [ 132.108878][ T9849] #0: ffff88802774b118 (&evdev->mutex){+.+.}-{4:4}, at: evdev_write+0x184/0x440 [ 132.111728][ T9849] #1: ffff888021387230 (&dev->event_lock#2){..-.}-{3:3}, at: input_inject_event+0x9f/0x3b0 [ 132.114895][ T9849] #2: ffffffff8e5c1060 (rcu_read_lock){....}-{1:3}, at: input_inject_event+0xbb/0x3b0 [ 132.117894][ T9849] #3: ffffffff8e5c1060 (rcu_read_lock){....}-{1:3}, at: input_pass_values+0x80/0x880 [ 132.120851][ T9849] #4: ffffffff8e5c1060 (rcu_read_lock){....}-{1:3}, at: evdev_events+0x7b/0x390 [ 132.123676][ T9849] #5: ffff88805e0cd028 (&client->buffer_lock){....}-{3:3}, at: evdev_pass_values+0x10e/0x9b0 [ 132.126821][ T9849] #6: ffffffff8e5c1060 (rcu_read_lock){....}-{1:3}, at: kill_fasync+0x62/0x510 [ 132.129570][ T9849] [ 132.129570][ T9849] the dependencies between SOFTIRQ-irq-safe lock and the holding lock: [ 132.132746][ T9849] -> (&dev->event_lock#2){..-.}-{3:3} { [ 132.134484][ T9849] IN-SOFTIRQ-W at: [ 132.135768][ T9849] lock_acquire+0x179/0x350 [ 132.137706][ T9849] _raw_spin_lock_irqsave+0x3a/0x60 [ 132.139869][ T9849] input_inject_event+0x9f/0x3b0 [ 132.141931][ T9849] kd_sound_helper+0x17a/0x280 [ 132.143940][ T9849] input_handler_for_each_handle+0xd7/0x250 [ 132.146342][ T9849] call_timer_fn+0x19a/0x620 [ 132.148244][ T9849] __run_timers+0x6ef/0x960 [ 132.150195][ T9849] run_timer_base+0x114/0x190 [ 132.152241][ T9849] run_timer_softirq+0x1a/0x40 [ 132.154305][ T9849] handle_softirqs+0x219/0x8e0 [ 132.156362][ T9849] __irq_exit_rcu+0x109/0x170 [ 132.158399][ T9849] irq_exit_rcu+0x9/0x30 [ 132.160273][ T9849] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 132.162609][ T9849] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 132.165059][ T9849] lock_acquire+0x62/0x350 [ 132.167033][ T9849] unwind_next_frame+0xd1/0x20a0 [ 132.169142][ T9849] arch_stack_walk+0x94/0x100 [ 132.171197][ T9849] stack_trace_save+0x8e/0xc0 [ 132.173225][ T9849] kasan_save_stack+0x33/0x60 [ 132.175263][ T9849] kasan_save_track+0x14/0x30 [ 132.177297][ T9849] __kasan_kmalloc+0xaa/0xb0 [ 132.179284][ T9849] __kmalloc_noprof+0x223/0x510 [ 132.181356][ T9849] lsm_blob_alloc+0x68/0x90 [ 132.183327][ T9849] security_sk_alloc+0x30/0x270 [ 132.185431][ T9849] sk_prot_alloc+0xfb/0x2a0 [ 132.187421][ T9849] sk_alloc+0x36/0xc20 [ 132.189289][ T9849] inet_create+0x3a1/0x1040 [ 132.191294][ T9849] __sock_create+0x335/0x8d0 [ 132.193301][ T9849] __sys_socket+0x14d/0x260 [ 132.195308][ T9849] __ia32_compat_sys_socketcall+0x5ca/0x770 [ 132.197705][ T9849] __do_fast_syscall_32+0x7c/0x3a0 [ 132.199875][ T9849] do_fast_syscall_32+0x32/0x80 [ 132.201959][ T9849] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 132.204485][ T9849] INITIAL USE at: [ 132.205789][ T9849] lock_acquire+0x179/0x350 [ 132.207755][ T9849] _raw_spin_lock_irqsave+0x3a/0x60 [ 132.209927][ T9849] input_inject_event+0x9f/0x3b0 [ 132.212036][ T9849] led_set_brightness+0x217/0x290 [ 132.214157][ T9849] kbd_led_trigger_activate+0xcb/0x110 [ 132.216413][ T9849] led_trigger_set+0x59a/0xc50 [ 132.218448][ T9849] led_trigger_set_default+0x1e0/0x2e0 [ 132.220696][ T9849] led_classdev_register_ext+0x7b8/0xa10 [ 132.223003][ T9849] input_leds_connect+0x552/0x8e0 [ 132.225120][ T9849] input_attach_handler.isra.0+0x176/0x250 [ 132.227485][ T9849] input_register_device+0xab9/0x1180 [ 132.229692][ T9849] atkbd_connect+0x5f8/0xa40 [ 132.231692][ T9849] serio_driver_probe+0x7f/0xd0 [ 132.233745][ T9849] really_probe+0x23e/0xa90 [ 132.235696][ T9849] __driver_probe_device+0x1de/0x440 [ 132.237888][ T9849] driver_probe_device+0x4c/0x1b0 [ 132.239991][ T9849] __driver_attach+0x283/0x580 [ 132.242029][ T9849] bus_for_each_dev+0x13e/0x1d0 [ 132.244078][ T9849] serio_handle_event+0x335/0xc30 [ 132.246194][ T9849] process_one_work+0x9cc/0x1b70 [ 132.248227][ T9849] worker_thread+0x6c8/0xf10 [ 132.250184][ T9849] kthread+0x3c5/0x780 [ 132.251997][ T9849] ret_from_fork+0x5d4/0x6f0 [ 132.253955][ T9849] ret_from_fork_asm+0x1a/0x30 [ 132.255952][ T9849] } [ 132.256778][ T9849] ... key at: [] __key.7+0x0/0x40 [ 132.259011][ T9849] -> (&client->buffer_lock){....}-{3:3} { [ 132.260812][ T9849] INITIAL USE at: [ 132.262074][ T9849] lock_acquire+0x179/0x350 [ 132.263989][ T9849] _raw_spin_lock+0x2e/0x40 [ 132.265933][ T9849] evdev_pass_values+0x10e/0x9b0 [ 132.267971][ T9849] evdev_events+0x1bb/0x390 [ 132.269887][ T9849] input_pass_values+0x74e/0x880 [ 132.271929][ T9849] input_handle_event+0xf00/0x14d0 [ 132.274015][ T9849] input_inject_event+0x1e8/0x3b0 [ 132.276089][ T9849] evdev_write+0x2e1/0x440 [ 132.277980][ T9849] vfs_write+0x29d/0x11d0 [ 132.279832][ T9849] ksys_write+0x1f8/0x250 [ 132.281672][ T9849] __do_fast_syscall_32+0x7c/0x3a0 [ 132.283754][ T9849] do_fast_syscall_32+0x32/0x80 [ 132.285811][ T9849] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 132.288223][ T9849] } [ 132.289051][ T9849] ... key at: [] __key.1+0x0/0x40 [ 132.291281][ T9849] ... acquired at: [ 132.292485][ T9849] _raw_spin_lock+0x2e/0x40 [ 132.293982][ T9849] evdev_pass_values+0x10e/0x9b0 [ 132.295565][ T9849] evdev_events+0x1bb/0x390 [ 132.297026][ T9849] input_pass_values+0x74e/0x880 [ 132.298632][ T9849] input_handle_event+0xf00/0x14d0 [ 132.300270][ T9849] input_inject_event+0x1e8/0x3b0 [ 132.301913][ T9849] evdev_write+0x2e1/0x440 [ 132.303381][ T9849] vfs_write+0x29d/0x11d0 [ 132.304834][ T9849] ksys_write+0x1f8/0x250 [ 132.306282][ T9849] __do_fast_syscall_32+0x7c/0x3a0 [ 132.307946][ T9849] do_fast_syscall_32+0x32/0x80 [ 132.309539][ T9849] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 132.311594][ T9849] [ 132.312362][ T9849] [ 132.312362][ T9849] the dependencies between the lock to be acquired [ 132.312368][ T9849] and SOFTIRQ-irq-unsafe lock: [ 132.316605][ T9849] -> (tasklist_lock){.+.+}-{3:3} { [ 132.318262][ T9849] HARDIRQ-ON-R at: [ 132.319584][ T9849] lock_acquire+0x179/0x350 [ 132.321620][ T9849] _raw_read_lock+0x5f/0x70 [ 132.323653][ T9849] __do_wait+0x105/0x890 [ 132.325626][ T9849] do_wait+0x21e/0x5a0 [ 132.327538][ T9849] kernel_wait+0x9f/0x160 [ 132.329511][ T9849] call_usermodehelper_exec_work+0xf1/0x170 [ 132.331969][ T9849] process_one_work+0x9cc/0x1b70 [ 132.334128][ T9849] worker_thread+0x6c8/0xf10 [ 132.336183][ T9849] kthread+0x3c5/0x780 [ 132.338089][ T9849] ret_from_fork+0x5d4/0x6f0 [ 132.340136][ T9849] ret_from_fork_asm+0x1a/0x30 [ 132.342191][ T9849] SOFTIRQ-ON-R at: [ 132.343470][ T9849] lock_acquire+0x179/0x350 [ 132.345476][ T9849] _raw_read_lock+0x5f/0x70 [ 132.347451][ T9849] __do_wait+0x105/0x890 [ 132.349386][ T9849] do_wait+0x21e/0x5a0 [ 132.351298][ T9849] kernel_wait+0x9f/0x160 [ 132.353277][ T9849] call_usermodehelper_exec_work+0xf1/0x170 [ 132.355750][ T9849] process_one_work+0x9cc/0x1b70 [ 132.357911][ T9849] worker_thread+0x6c8/0xf10 [ 132.359966][ T9849] kthread+0x3c5/0x780 [ 132.361975][ T9849] ret_from_fork+0x5d4/0x6f0 [ 132.364030][ T9849] ret_from_fork_asm+0x1a/0x30 [ 132.366142][ T9849] INITIAL USE at: [ 132.367431][ T9849] lock_acquire+0x179/0x350 [ 132.369415][ T9849] _raw_write_lock_irq+0x36/0x50 [ 132.371550][ T9849] copy_process+0x4caf/0x7690 [ 132.373593][ T9849] kernel_clone+0xfc/0x930 [ 132.375565][ T9849] user_mode_thread+0xc7/0x110 [ 132.377628][ T9849] rest_init+0x23/0x2b0 [ 132.379506][ T9849] start_kernel+0x3ee/0x4d0 [ 132.381492][ T9849] x86_64_start_reservations+0x18/0x30 [ 132.383782][ T9849] x86_64_start_kernel+0x130/0x190 [ 132.385929][ T9849] common_startup_64+0x13e/0x148 [ 132.388043][ T9849] INITIAL READ USE at: [ 132.389475][ T9849] lock_acquire+0x179/0x350 [ 132.391609][ T9849] _raw_read_lock+0x5f/0x70 [ 132.393734][ T9849] __do_wait+0x105/0x890 [ 132.395786][ T9849] do_wait+0x21e/0x5a0 [ 132.397783][ T9849] kernel_wait+0x9f/0x160 [ 132.399849][ T9849] call_usermodehelper_exec_work+0xf1/0x170 [ 132.402382][ T9849] process_one_work+0x9cc/0x1b70 [ 132.404660][ T9849] worker_thread+0x6c8/0xf10 [ 132.406804][ T9849] kthread+0x3c5/0x780 [ 132.408938][ T9849] ret_from_fork+0x5d4/0x6f0 [ 132.411286][ T9849] ret_from_fork_asm+0x1a/0x30 [ 132.413480][ T9849] } [ 132.414357][ T9849] ... key at: [] tasklist_lock+0x18/0x40 [ 132.416808][ T9849] ... acquired at: [ 132.418073][ T9849] _raw_read_lock+0x5f/0x70 [ 132.419545][ T9849] send_sigurg+0xed/0xc80 [ 132.420978][ T9849] sk_send_sigurg+0x76/0x360 [ 132.422488][ T9849] unix_stream_sendmsg+0xfa5/0x1340 [ 132.424155][ T9849] ____sys_sendmsg+0xa95/0xc70 [ 132.425744][ T9849] ___sys_sendmsg+0x134/0x1d0 [ 132.427278][ T9849] __sys_sendmsg+0x16d/0x220 [ 132.428789][ T9849] __do_fast_syscall_32+0x7c/0x3a0 [ 132.430454][ T9849] do_fast_syscall_32+0x32/0x80 [ 132.432046][ T9849] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 132.434074][ T9849] [ 132.434855][ T9849] -> (&f_owner->lock){....}-{3:3} { [ 132.436522][ T9849] INITIAL USE at: [ 132.437783][ T9849] lock_acquire+0x179/0x350 [ 132.439724][ T9849] _raw_write_lock_irq+0x36/0x50 [ 132.441794][ T9849] __f_setown+0x61/0x3c0 [ 132.443665][ T9849] fcntl_dirnotify+0x7b1/0xb60 [ 132.445697][ T9849] do_fcntl+0xe62/0x15a0 [ 132.447581][ T9849] do_compat_fcntl64+0x367/0x710 [ 132.449646][ T9849] __do_fast_syscall_32+0x7c/0x3a0 [ 132.451773][ T9849] do_fast_syscall_32+0x32/0x80 [ 132.453811][ T9849] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 132.456312][ T9849] INITIAL READ USE at: [ 132.457722][ T9849] lock_acquire+0x179/0x350 [ 132.459785][ T9849] _raw_read_lock_irqsave+0x74/0x90 [ 132.462078][ T9849] send_sigurg+0x5f/0xc80 [ 132.464093][ T9849] sk_send_sigurg+0x76/0x360 [ 132.466195][ T9849] unix_stream_sendmsg+0xfa5/0x1340 [ 132.468479][ T9849] ____sys_sendmsg+0xa95/0xc70 [ 132.470621][ T9849] ___sys_sendmsg+0x134/0x1d0 [ 132.472740][ T9849] __sys_sendmmsg+0x2f9/0x420 [ 132.474885][ T9849] __ia32_compat_sys_sendmmsg+0x9d/0x100 [ 132.477289][ T9849] __do_fast_syscall_32+0x7c/0x3a0 [ 132.479546][ T9849] do_fast_syscall_32+0x32/0x80 [ 132.481700][ T9849] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 132.484312][ T9849] } [ 132.485172][ T9849] ... key at: [] __key.1+0x0/0x40 [ 132.487418][ T9849] ... acquired at: [ 132.488628][ T9849] _raw_read_lock_irqsave+0x74/0x90 [ 132.490289][ T9849] send_sigio+0x31/0x3e0 [ 132.491698][ T9849] kill_fasync+0x214/0x510 [ 132.493123][ T9849] sock_wake_async+0x132/0x160 [ 132.494684][ T9849] sock_def_readable+0x522/0x600 [ 132.496282][ T9849] unix_stream_sendmsg+0xfdd/0x1340 [ 132.497976][ T9849] ____sys_sendmsg+0xa95/0xc70 [ 132.499524][ T9849] ___sys_sendmsg+0x134/0x1d0 [ 132.501054][ T9849] __sys_sendmmsg+0x2f9/0x420 [ 132.502580][ T9849] __ia32_compat_sys_sendmmsg+0x9d/0x100 [ 132.504397][ T9849] __do_fast_syscall_32+0x7c/0x3a0 [ 132.506088][ T9849] do_fast_syscall_32+0x32/0x80 [ 132.507663][ T9849] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 132.509675][ T9849] [ 132.510437][ T9849] -> (&new->fa_lock){....}-{3:3} { [ 132.512023][ T9849] INITIAL USE at: [ 132.513230][ T9849] lock_acquire+0x179/0x350 [ 132.515102][ T9849] _raw_write_lock_irq+0x36/0x50 [ 132.517118][ T9849] fasync_remove_entry+0xb2/0x1e0 [ 132.519147][ T9849] fasync_helper+0xaf/0xd0 [ 132.521001][ T9849] lease_modify+0x232/0x500 [ 132.522888][ T9849] generic_setlease+0x34b/0x1300 [ 132.524920][ T9849] kernel_setlease+0x106/0x140 [ 132.526881][ T9849] vfs_setlease+0x258/0x2d0 [ 132.528754][ T9849] fcntl_setlease+0x497/0x5a0 [ 132.530681][ T9849] do_fcntl+0x751/0x15a0 [ 132.532489][ T9849] do_compat_fcntl64+0x367/0x710 [ 132.534497][ T9849] __do_fast_syscall_32+0x7c/0x3a0 [ 132.536580][ T9849] do_fast_syscall_32+0x32/0x80 [ 132.538555][ T9849] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 132.540988][ T9849] INITIAL READ USE at: [ 132.542354][ T9849] lock_acquire+0x179/0x350 [ 132.544375][ T9849] _raw_read_lock_irqsave+0x74/0x90 [ 132.546635][ T9849] kill_fasync+0x138/0x510 [ 132.548626][ T9849] sock_wake_async+0xf1/0x160 [ 132.550692][ T9849] sk_send_sigurg+0x179/0x360 [ 132.552761][ T9849] unix_stream_sendmsg+0xfa5/0x1340 [ 132.555003][ T9849] ____sys_sendmsg+0xa95/0xc70 [ 132.557082][ T9849] ___sys_sendmsg+0x134/0x1d0 [ 132.559148][ T9849] __sys_sendmmsg+0x2f9/0x420 [ 132.561203][ T9849] __ia32_compat_sys_sendmmsg+0x9d/0x100 [ 132.563557][ T9849] __do_fast_syscall_32+0x7c/0x3a0 [ 132.565771][ T9849] do_fast_syscall_32+0x32/0x80 [ 132.567880][ T9849] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 132.570425][ T9849] } [ 132.571244][ T9849] ... key at: [] __key.0+0x0/0x40 [ 132.573428][ T9849] ... acquired at: [ 132.574666][ T9849] lock_acquire+0x179/0x350 [ 132.576142][ T9849] _raw_read_lock_irqsave+0x74/0x90 [ 132.577817][ T9849] kill_fasync+0x138/0x510 [ 132.579270][ T9849] evdev_pass_values+0x619/0x9b0 [ 132.580858][ T9849] evdev_events+0x1bb/0x390 [ 132.582335][ T9849] input_pass_values+0x74e/0x880 [ 132.583931][ T9849] input_handle_event+0xf00/0x14d0 [ 132.585588][ T9849] input_inject_event+0x1e8/0x3b0 [ 132.587218][ T9849] evdev_write+0x2e1/0x440 [ 132.588664][ T9849] vfs_write+0x29d/0x11d0 [ 132.590102][ T9849] ksys_write+0x1f8/0x250 [ 132.591529][ T9849] __do_fast_syscall_32+0x7c/0x3a0 [ 132.593176][ T9849] do_fast_syscall_32+0x32/0x80 [ 132.594774][ T9849] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 132.596783][ T9849] [ 132.597549][ T9849] [ 132.597549][ T9849] stack backtrace: [ 132.599388][ T9849] CPU: 2 UID: 0 PID: 9849 Comm: syz.4.1604 Not tainted 6.17.0-rc1-syzkaller-00014-g0e39a731820a #0 PREEMPT(full) [ 132.599403][ T9849] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 132.599411][ T9849] Call Trace: [ 132.599416][ T9849] [ 132.599420][ T9849] dump_stack_lvl+0x116/0x1f0 [ 132.599434][ T9849] check_irq_usage+0x7dc/0x920 [ 132.599447][ T9849] ? __pfx___smp_call_single_queue+0x10/0x10 [ 132.599462][ T9849] ? check_path.constprop.0+0x24/0x50 [ 132.599476][ T9849] ? __lock_acquire+0x12bc/0x1ce0 [ 132.599490][ T9849] __lock_acquire+0x12bc/0x1ce0 [ 132.599506][ T9849] lock_acquire+0x179/0x350 [ 132.599519][ T9849] ? kill_fasync+0x138/0x510 [ 132.599536][ T9849] _raw_read_lock_irqsave+0x74/0x90 [ 132.599548][ T9849] ? kill_fasync+0x138/0x510 [ 132.599563][ T9849] kill_fasync+0x138/0x510 [ 132.599579][ T9849] evdev_pass_values+0x619/0x9b0 [ 132.599590][ T9849] evdev_events+0x1bb/0x390 [ 132.599601][ T9849] input_pass_values+0x74e/0x880 [ 132.599611][ T9849] input_handle_event+0xf00/0x14d0 [ 132.599621][ T9849] ? _copy_from_user+0x59/0xd0 [ 132.599639][ T9849] input_inject_event+0x1e8/0x3b0 [ 132.599650][ T9849] evdev_write+0x2e1/0x440 [ 132.599660][ T9849] ? __pfx_evdev_write+0x10/0x10 [ 132.599669][ T9849] ? common_file_perm+0x1a9/0x340 [ 132.599682][ T9849] ? bpf_lsm_file_permission+0x9/0x10 [ 132.599698][ T9849] ? security_file_permission+0x71/0x210 [ 132.599713][ T9849] ? rw_verify_area+0xcf/0x6c0 [ 132.599724][ T9849] ? __pfx_evdev_write+0x10/0x10 [ 132.599733][ T9849] vfs_write+0x29d/0x11d0 [ 132.599746][ T9849] ? __pfx_vfs_write+0x10/0x10 [ 132.599757][ T9849] ? find_held_lock+0x2b/0x80 [ 132.599767][ T9849] ? __fget_files+0x204/0x3c0 [ 132.599779][ T9849] ? __fget_files+0x20e/0x3c0 [ 132.599792][ T9849] ksys_write+0x1f8/0x250 [ 132.599804][ T9849] ? __pfx_ksys_write+0x10/0x10 [ 132.599816][ T9849] ? rcu_is_watching+0x12/0xc0 [ 132.599828][ T9849] __do_fast_syscall_32+0x7c/0x3a0 [ 132.599842][ T9849] do_fast_syscall_32+0x32/0x80 [ 132.599856][ T9849] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 132.599870][ T9849] RIP: 0023:0xf7fe1579 [ 132.599879][ T9849] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 132.599890][ T9849] RSP: 002b:00000000f550655c EFLAGS: 00000296 ORIG_RAX: 0000000000000004 [ 132.599901][ T9849] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000040 [ 132.599908][ T9849] RDX: 0000000000001068 RSI: 0000000000000000 RDI: 0000000000000000 [ 132.599918][ T9849] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 132.599925][ T9849] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 132.599931][ T9849] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 132.599940][ T9849] [ 132.601592][ T1419] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.705640][ T1419] ieee802154 phy1 wpan1: encryption failed: -22 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 132.929211][ T1177] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 133.088063][ T1177] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 133.157309][ T1177] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 133.218105][ T1177] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 133.269348][ T1177] bridge_slave_1: left allmulticast mode [ 133.271748][ T1177] bridge_slave_1: left promiscuous mode [ 133.274268][ T1177] bridge0: port 2(bridge_slave_1) entered disabled state [ 133.280817][ T1177] bridge_slave_0: left allmulticast mode [ 133.283106][ T1177] bridge_slave_0: left promiscuous mode [ 133.285678][ T1177] bridge0: port 1(bridge_slave_0) entered disabled state [ 133.365249][ T60] wlan1: Trigger new scan to find an IBSS to join [ 133.627630][ T1177] hsr_slave_0: left promiscuous mode [ 133.629511][ T1177] hsr_slave_1: left promiscuous mode [ 133.631373][ T1177] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 133.633651][ T1177] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 133.636368][ T1177] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 133.638670][ T1177] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 133.642882][ T1177] veth1_macvtap: left promiscuous mode [ 133.644746][ T1177] veth0_macvtap: left promiscuous mode [ 133.646503][ T1177] veth1_vlan: left promiscuous mode [ 133.648125][ T1177] veth0_vlan: left promiscuous mode [ 133.792333][ T1177] team0 (unregistering): Port device team_slave_1 removed [ 133.825206][ T1177] team0 (unregistering): Port device team_slave_0 removed [ 134.398268][ T1177] netdevsim netdevsim3 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 134.436107][ T1177] netdevsim netdevsim3 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 134.527062][ T1177] netdevsim netdevsim3 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 134.606214][ T1177] netdevsim netdevsim3 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 134.675405][ T1177] netdevsim netdevsim2 eth3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 134.678459][ T1177] netdevsim netdevsim2 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 134.755633][ T1177] netdevsim netdevsim2 eth2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 134.758695][ T1177] netdevsim netdevsim2 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 134.817131][ T1177] netdevsim netdevsim2 eth1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 134.820936][ T1177] netdevsim netdevsim2 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 134.896482][ T1177] netdevsim netdevsim2 eth0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 134.900285][ T1177] netdevsim netdevsim2 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 134.993024][ T1177] netdevsim netdevsim5 eth3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 135.076530][ T1177] netdevsim netdevsim5 eth2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 135.126976][ T1177] netdevsim netdevsim5 eth1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 135.186961][ T1177] netdevsim netdevsim5 eth0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 135.294200][ T13] wlan1: Trigger new scan to find an IBSS to join [ 135.331139][ T1177] bond0 (unregistering): (slave geneve2): Releasing active interface [ 135.450546][ T1177] bond0 (unregistering): Released all slaves [ 135.485925][ T1177] bond0 (unregistering): (slave geneve2): Releasing active interface [ 135.658712][ T1177] bond0 (unregistering): Released all slaves [ 135.679070][ T1177] bond1 (unregistering): (slave geneve2): Releasing active interface [ 135.887316][ T1177] bond0 (unregistering): Released all slaves [ 135.895940][ T1177] bond1 (unregistering): Released all slaves [ 136.244599][ T97] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 136.418745][ T1177] hsr_slave_0: left promiscuous mode [ 136.420766][ T1177] hsr_slave_1: left promiscuous mode [ 136.424429][ T1177] hsr_slave_0: left promiscuous mode [ 136.426444][ T1177] hsr_slave_1: left promiscuous mode [ 136.429597][ T1177] hsr_slave_0: left promiscuous mode [ 136.431600][ T1177] hsr_slave_1: left promiscuous mode [ 136.437942][ T1177] veth1_macvtap: left promiscuous mode [ 136.440143][ T1177] veth0_macvtap: left promiscuous mode [ 136.441950][ T1177] veth1_vlan: left promiscuous mode [ 136.444008][ T1177] veth0_vlan: left promiscuous mode [ 136.446760][ T1177] veth1_macvtap: left promiscuous mode [ 136.448912][ T1177] veth0_macvtap: left promiscuous mode [ 136.451086][ T1177] veth1_vlan: left promiscuous mode [ 136.453126][ T1177] veth0_vlan: left promiscuous mode [ 136.455690][ T1177] veth1_macvtap: left promiscuous mode [ 136.457837][ T1177] veth0_macvtap: left promiscuous mode [ 136.460030][ T1177] veth1_vlan: left promiscuous mode [ 136.462135][ T1177] veth0_vlan: left promiscuous mode VM DIAGNOSIS: 17:28:25 Registers: info registers vcpu 0 CPU#0 RAX=00000000001040c4 RBX=0000000000000000 RCX=ffffffff8b903bf9 RDX=ffffed1005646656 RSI=ffffffff8c162900 RDI=ffffffff8190cd41 RBP=fffffbfff1c52ef8 RSP=ffffffff8e207e08 R8 =0000000000000000 R9 =ffffed1005646655 R10=ffff88802b2332ab R11=0000000000000001 R12=0000000000000000 R13=ffffffff8e2977c0 R14=ffffffff90ab6c90 R15=0000000000000000 RIP=ffffffff8b90275f RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880974c6000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000003261affc CR3=0000000067127000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000ff ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4e4f4954504f5f4e 4153410063657865 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=00000000000fc294 RBX=0000000000000001 RCX=ffffffff8b903bf9 RDX=ffffed1005666656 RSI=ffffffff8c162900 RDI=ffffffff8190cd41 RBP=ffffed1003bd8488 RSP=ffffc9000046fdf8 R8 =0000000000000000 R9 =ffffed1005666655 R10=ffff88802b3332ab R11=0000000000000001 R12=0000000000000001 R13=ffff88801dec2440 R14=ffffffff90ab6c90 R15=0000000000000000 RIP=ffffffff8b90275f RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880975c6000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f746d6f8 CR3=000000007738e000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000ff ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4e4f4954504f5f4e 4153410063657865 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=000000000000005b RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff85613855 RDI=ffffffff9b0f6600 RBP=ffffffff9b0f65c0 RSP=ffffc900014ff2f0 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=2d2d2d2d2d2d2d2d R12=0000000000000000 R13=000000000000005b R14=ffffffff9b0f65c0 R15=ffffffff856137f0 RIP=ffffffff8561387f RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff8880976c6000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f55044b4 CR3=0000000062e54000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 2323232323232323 2323232323232323 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff ffffffffffffff00 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=0000000000110e7c RBX=0000000000000003 RCX=ffffffff8b903bf9 RDX=ffffed10056a6656 RSI=ffffffff8c162900 RDI=ffffffff8190cd41 RBP=ffffed1003864000 RSP=ffffc9000048fdf8 R8 =0000000000000000 R9 =ffffed10056a6655 R10=ffff88802b5332ab R11=0000000000000001 R12=0000000000000003 R13=ffff88801c320000 R14=ffffffff90ab6c90 R15=0000000000000000 RIP=ffffffff8b90275f RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=1 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff8880977c6000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00004087 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=000000005665d4c0 CR3=0000000060894000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000ffff0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000ff ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4e4f4954504f5f4e 4153410063657865 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000